| With the arrival of the mobile Internet era, the popularity of intelligent terminals has reached a new height.More and more data will be stored in intelligent terminals by users. Howerver, the openness of of the Android platform which make it be the prime target for malware attacks, and the malware has the characteristics of high concealment, diversification and rapid growth. The research of dynamic monitoring on Android application that it can not only protect the phone system, but also can help associated vendors and testers analyze application's security level to achieve the requirements of the Ministry of industry.In a long period of time,the reasearch has important theoretical value and practical significance.The primary contributions of this thesis include:1) In this thesis, we realized the dynamic monitoring on sensitive operation, summarized the different methods on system monitoring, and made the dynamic monitoring more clear.2) The thesis researched current mobile phone system security threats, accessed relevant information, summarized the research status on Android security at home and abroad. In anddtion,we compared the realization of static analysis and dynamic analysis which are the two main methods on android securityand determine the way of dynamic injection to monitor system.3) The thesis studied some knowledge on injecting memory dynamically, understood the security mechanisms of Android, researched android's cross-process communication mechanism and applications'dynamic linking and loading mechanism under Android platform.The thesis also described the ELF file parsing process, determined the target process of injection, the case of Hooking key functions. The system used the ptrace function trace the debug process, provided the theoretical basis for the design of dynamic monitoring.4) The thesis designed and realized the android application dynamic monitoring system. According to the current problems of the Android platform, we listed the different modules' implementation scenarios.The whole system is divided into two different modules:Native layer and application layer. Native layer module is the core of the whole system, which can inject the custom coed into the target process,hook key methodin the process,intercepted and analyzed data. Application layer realizes the interaction with users, provides data for users and configurates the relevant file. PC-side is the system auxiliary module, which can make the post data storage and data analysis easier.5) Finally,we have tested the entire system of functionality, compatibility and performance. According to the results of the analysis, the monitoring system can effectively monitor the application of sensitive behavior and the leakage of sensitive data.Compared with the previous research, the realization of dynamic monitoring on Android application makes focus on monitoring efficiency and improving the method of monitoring files in this thesis and increases the compatibility between different systems. |
PDF Full Text Request