| Detection of user privacy leakage for Android malware has always been an important concern in the field of malware analysis.However,with the rise and popularity of application packing technology,malicious applications also begin to hide its attack behavior through packing technology to avoid the detection by analysis tools.Therefore,the traditional tools that be used to detect malware with the privacy leakage behavior are no longer able to analyze the privacy leakage behavior of packed malware effectively.In order to solve this problem and meet the requirements,this thesis proposes a black box test method based on dynamic binary instrumentation technology.By using the idea of control variable method,it determines whether the application has privacy leakage behavior by studying the connection between privacy Sources and Sinks.AppLance,a prototype system,is designed and implemented based on this approach.Under the premise of not damaging the integrity of Android system and applications,AppLance can analyze and detect the behaviors of the packed or packed malware to leak private information through explicit data flow or implicit data flow.In addition,due to the lack of an available packed malware test suite,this article also presents a hand-built sample suite of 80 applications that leak privacy data in various ways,as well as 400 packing samples based on these applications.Finally,three comparative experiments are designed to verify the effectiveness and efficiency of the method and the system. |
PDF Full Text Request