
Dynamic Testing Method Of Android Malicious Application Based On File Access Rules

Posted on: 2018-11-09 | Degree: Master | Type: Thesis
Country: China | Candidate: Q Zhang | Full Text: PDF
GTID: 2348330515983569 | Subject: Software engineering
Abstract/Summary:
With the rapid development of the mobile Internet and the arrival of the 4G era, hardware prices are falling, which has driven a rapid increase in the number of smart terminals. Android, as a mainstream operating system, holds a large market share, but the openness of the Android platform has brought not only a large user base but also many security problems. Current detection techniques for Android malware mainly comprise static security detection and dynamic security detection. Static detection is effective against known viruses, but it cannot determine whether a malicious path is actually executed. To make up for this shortcoming, dynamic security detection checks whether an application triggers malicious behaviour while it is running. However, existing dynamic detection methods cannot deal with the injection of .so libraries or the modification of .odex files. This paper studies dynamic testing technology for Android malicious applications from the perspective of file access rules. By customizing the kernel, it monitors file access behaviour, which increases the detection depth. At the same time, to judge the application under test quickly and effectively, it builds a custom file access rule library along three dimensions, which improves the detection rate and reduces the false positive rate. The main contents of this paper are the following:

(1) We put forward a dynamic testing method for Android malicious applications based on file access rules. First, the method customizes an Android kernel that collects all file behaviour while the application runs. Then the collected information is cleaned and structured, which removes irrelevant information and produces a prescribed format. Finally, the information is compared with the file rule base to determine whether the application is malicious.

(2) To address insufficient detection depth, this paper deploys monitoring points on file operations within the kernel layer, such as opening, closing, reading, writing and deleting files. Monitoring points are set on the kernel functions, which realizes monitoring of the file system and solves the problem that deeply injected malicious code is undetectable.

(3) To address low efficiency and a low detection rate, this paper builds a custom file access rule base along three dimensions: the non-temporal policy set S, the single-file sequence policy set Q, and the timing strategy set U. Together these cover all file behaviours and improve the detection rate. Large-scale experiments show that the dynamic testing method for Android malicious applications based on file access rules has a high detection rate and a low false positive rate for the problems of malicious code injection and .odex file modification.
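An added example, not code from the thesis: a minimal matching stage for cleaned file-access records, under one assumed reading of the three rule sets (S matches any single event, Q an ordered operation sequence on one file, U an ordered sequence across files). The rule contents, the record format and the paths are all constructed for illustration.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Hypothetical rules; the abstract names the sets S, Q and U but not their contents.
S_RULES = [("write", "*.odex")]                           # any single event
Q_RULES = [(["open", "read", "write", "close"], "*.so")]  # ordered ops on one file
U_RULES = [[("write", "*.so"), ("write", "*.odex")]]      # ordered events across files

def ev_match(rule, ev):
    """rule = (op, glob); ev = (timestamp, op, path)."""
    return ev[1] == rule[0] and fnmatchcase(ev[2], rule[1])

def in_order(pattern, items, match):
    """True if each pattern element matches some item, in order (gaps allowed)."""
    it = iter(items)
    return all(any(match(p, x) for x in it) for p in pattern)

def check(events):
    """Return a (set name, detail) pair for every rule the trace triggers."""
    events = sorted(events)  # order by timestamp
    hits = [("S", r) for r in S_RULES if any(ev_match(r, e) for e in events)]
    per_file = defaultdict(list)
    for e in events:
        per_file[e[2]].append(e)
    for ops, glob in Q_RULES:
        for path, evs in per_file.items():
            if fnmatchcase(path, glob) and in_order(ops, evs, lambda o, e: e[1] == o):
                hits.append(("Q", path))
    hits += [("U", i) for i, seq in enumerate(U_RULES)
             if in_order(seq, events, ev_match)]
    return hits

# Constructed traces of (timestamp, operation, path); the paths are placeholders.
SO, ODEX = "/data/data/com.example.app/lib/libdemo.so", "/system/app/Demo.odex"
TAMPER = [(1, "open", SO), (2, "read", SO), (3, "write", SO), (4, "close", SO),
          (5, "open", ODEX), (6, "write", ODEX), (7, "close", ODEX)]
BENIGN = [(1, "open", SO), (2, "read", SO), (3, "close", SO),
          (4, "open", ODEX), (5, "read", ODEX), (6, "close", ODEX)]

if __name__ == "__main__":
    print(check(TAMPER))
    print(check(BENIGN))
```

Order matters only for Q and U: a trace that writes the .odex file before the .so file still triggers the S rule but not the U rule.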
Keywords/Search Tags:Android dynamic detection, the kernel monitor, file access rule library