
Research On The Method Of Dynamic Monitoring The Malware On Android System

Posted on: 2019-08-13
Degree: Master
Type: Thesis
Country: China
Candidate: Q W Wang
GTID: 2428330566496008
Subject: Computer application technology

Abstract/Summary:
With the popularity of smartphones, the amount of mobile malware has increased rapidly. In recent years in particular, Android-based phones have dominated the smartphone market, and the amount of malicious software targeting Android has been rising rapidly. Mobile malware mainly collects users' personal privacy information, such as geographical location, contacts, and SMS messages, which seriously threatens the personal privacy of mobile phone users. Effective monitoring of malicious software and restoration of its behavioral information can provide a strong basis for its subsequent removal. This thesis studies the Android system architecture and the Android signature mechanism, analyzes the security issues of the Android system, and examines the principles, advantages, and disadvantages of the application-layer, application-framework-layer, and kernel-layer monitoring mechanisms. It adopts a kernel-layer behavior monitoring method to monitor application behavior, and focuses on the kernel-layer dynamic behavior monitoring method and the application security evaluation policy. A dynamic monitoring approach for Android malware is designed. The dynamic behavior of the software is reconstructed by analyzing the system calls made during application execution. Combining the application's system call behavior with parameter information, a static security defense policy based on a permission list and a dynamic security evaluation policy based on context information are proposed. The thesis focuses on the dynamic security evaluation policy and designs specific security evaluation strategies for four different malicious behaviors: rights leakage, collusion attack, financial attack, and privacy data stealing. To reduce the load on the mobile terminal, the MonkeyRunner tool is used, in combination with the PC terminal, to automatically install and uninstall APKs. To verify the proposed scheme, experiments were conducted on the AVD using the most representative malware class selected from the Malgenome Project data set. The results show that the approach can effectively monitor malware behavior and warn Android mobile users.
Keywords/Search Tags: Android, Malware, System Call, Dynamic Monitoring, safety assessment strategy