Design And Implementation Of Application Behavior Security Monitoring And Analysis System Based On Android

With the explosive development of mobile Internet,Android system as an open source mobile operating system is popular among major mobile phone manufacturers,which occupies a large share in the mobile Internet market.At the same time,the number of applications based on the Android platform also exhibits upward trend of mobile Internet.And since that,there exists security vulnerabilities,hackers use them as an attack portal,and made huge threat to users.So in the field of mobile security,the most important thing is how to discover application security vulnerabilities in an efficient way.This thesis mainly discusses how to mine security vulnerabilities which exist in the current Android application.On the basis of analyzing all kinds of security vulnerabilities,this thesis proposes three static analysis techniques including control flow based on Smali code,reverse tracking tainted data and path analysis of the Intent.Then,the Smali pile technology and the Fuzzing test technology are studied to analyze the application program dynamically.Finally,this thesis realizes the application,which includes behavior security monitoring and analysis system based on Android platform.Initially,this thesis introduces the research background and significance,and studies the current Android application security vulnerabilities mining technology and puts forward the existing deficiency.Secondly,this research introduces the Android platform architecture,the related knowledge of Android application development as well as the security mechanism provided by the Android platform and other content.And then,based on the research of the security vulnerabilities in the application,this thesis presents a security vulnerability mining method by combining the static analysis and dynamic analysis.In the static analysis phase,control flow graph is proposed based on Smali code,and the control flow is obtained by analyzing the jumping process in the running of the program.And then this thesis depicts tainted data reverse tracking technology based on register data of Smali.It starts from the output of the data points,combined with the control flow,and reversely track the data from register,finally forms the application?s data stream.Aimed at the communication between the components of the application,this research analyzes the path analysis of Intent,sets up the control flow and data flow between the components.The results of static analysis are mainly to get the relevant information of the application,including permission information of the application,data flow,security vulnerabilities factor and so on.In the dynamic analysis phase,the semi-valid data is obtained through the mutated Fuzzing test.And then the Smali code is constructed and inserted at the key point of the static analysis.Finally,we could monitor the behavior of the application and combine the results of the static analysis and security vulnerability library by running the program,to provide the application security analysis report.Finally,based on the above analysis technology principle,we build overall system prototype and make some tests on it,achieve the static analysis module and dynamic analysis module of Android applications respectively.From the test results,it indicates that behavior security monitoring based on the Android application and analysis system could mine information disclosure and other common security vulnerabilities that exist in application effectively.