Design And Implementation Of A Software Dynamic Behavior Monitoring System Based On The Android Sandbox

The rapid development of mobile Internet technology dramatically changes customers' behavior. Now mobile intelligent terminal can not only achieve the function of the original communication but also network chat, E-mail, web browsing, taking a taxi, shopping, watching video,reservation, online payment, etc. The intelligent terminal brings great convenience to people's daily life, but at the same time, it also brings a great security threat to us. According to a survey in June 2015 researched by the market research company Kantar, China's smart phone operating system Android accounted for 74%, is currently the highest market share of smart phone operating system, the hacker is focus on the Android system too. Due to the Android market supervision is not power enough,a lot of the applications without security detection come into the market.When customers download and install this kind of applications, they usually cannot effectively distinguish whether the application is malicious or not.In order to improve the efficiency of the quality detection of Android applications, this paper designed and implemented the software dynamic behavior monitoring system based on the Android sandbox, the SDBM system. For mobile internet security services, the system can help the mobile internet security researchers convenient to get the reference evaluation results and analysis the dynamic behavior, help to analysis the application in the further step. For app stores, this system can help them detect the dynamic behavior of the application before put it in the app store. For national security assessment institution, the system can be used to audit the application and supervision the whole Android market.Now the major monitoring tools restricted by the Android mobile. In this paper, by modifying the Android system source code, monitored the API and deployed the Android emulator on the server, so the monitoring task can be done on the server, not affected by the hardware conditions.In this paper, the main work includes several aspects:Firstly, the current popular of the Android software dynamic analysis methods, static analysis methods were studied, compared and analyzed.The market research and requirement analysis of the SDBM system are based on the current security mechanism of the Android system safety problems.Secondly, design and implement the SDBM system. Analysis, design and implement the important part of the whole system, such as the user interaction module, user management module, log module, task scheduling module, data storage module, the APK installation and start-up module and malicious behavior trigger module. Combining with the current popular dynamic monitoring tools, modify the Android source code to mark the sensitive API's call. Different running applications are isolated by the Android sandbox. Automatically installing the applications and simulating the runtime environment to monitoring the applications.Thirdly, the system will be deployed on the server to test after the implementation. The test part including the function test compatibility test and performance test. After the test, this paper will conclude the problem the system exists and proposed the solutions.