Dynamic Analysis Of Android Software Based On Logs And Components

With the development of Android system,applications based on Android system appear constantly and have brought great convenience to our people's daily.But Android system and its applications are threatened by malwares,causing the phenomenon that the system files are accessed maliciously some applications are crashed inexplicably and are attacked by phishing websites.Users are faced with personal information leakage,even the loss of property,so it is necessary for safety testing on Android applications.There are two main methods of application security detection,namely,static analysis and dynamic analysis.Compared with static analysis,dynamic analysis is done by running applications and finding loopholes in applications.Dynamic analysis is targeted and with high accuracy.Therefore this paper focuses on the researches of dynamic analysis.Dynamic analysis has many check points,such as network data,logs,components,local files,local databases and server-side databases,since the components are the outermost layer characterization of Android applications,most vulnerability occurred on the components.Log is most capable of reacting the behavioral characteristics,so the detection point of this motion detection is set to logs and components,the contents of this article includes the following two aspects.In order to detect malicious software,the article design and implement the dynamic behavior detection system based on logs.The detection system is mainly through counting the information of system call,using machine learning algorithm K-Means ++ to do Classification process to identify whether the application contains malicious behavior or not.According to the program,we design the detection system which contains client and server.The client runs on the Android system,mainly collecting system calls information.The server run on the PC,mainly completing the extraction and filteration of data and the specifications treatment,also doing analysis using a correlation algorithm.In order to detect application components loopholes,the article design and improve the dynamic behavior of components-based detection system.The detection mainly analyses the parameter type of Android application components,namely the Intent object contains,construct the Intent object containing specific parameters,and pass it to the component to start.There are many types of loopholes.This paper selects three dangerous large and widespread vulnerabilities:local denial of service vulnerability,Intent-based vulnerabilities and file directory traversal vulnerability.According to the program,we design the detection system which consists of client and server,The client runs on the Android system,which is responsible for passing Intent object to be detected application and start the components.The server's responsibility is to analyze the type of object data and constract the intent object,which ensure the communication of client and server.The attacks by malware are mainly based on the vulnerabilities in the system and application.The harm of components vulnerabilities is the most direct and wide,so the timely excavations of the component vulnerabilities can effectively reduce the harm of malware.The combination of the two systems on the one hand can timely kill malicious software,and on the other hand can reduce the pathway of malware,which can effectively protect the user's safety.