Android Security Threats Analysis Based On Dynamic And Static Taint Flow

Posted on: 2020-11-13
Degree: Master
Type: Thesis
Country: China
Candidate: Q Li
GTID: 2428330602950553
Subject: Computer Science and Technology
Abstract/Summary:
As mobile devices become integrated into everyday life, mobile applications can create data leakage threats by accessing private data and networks. It is therefore necessary to design effective techniques to analyze and detect these threats. At present, taint flow analysis for Android malware can mainly be divided into two kinds: static and dynamic. Static analysis is based on features extracted without executing the code, while dynamic analysis is based on features extracted while the code is executing. In general, static analysis is more efficient: it examines all data flows in detail and pinpoints the problematic data flow. However, static analysis may produce false reports because of over-computation, and it may produce missed reports because maliciousness stays hidden while the applications are not running. Dynamic analysis can handle dynamic code loading and system calls that occur while the applications are running, but it consumes much time and many system resources.

In this paper, we present a combined dynamic and static taint flow analysis method. The method is based on open source solutions, and it can help security professionals better understand the threat analysis process in the Android environment. In this method, we first perform static taint analysis and filter out applications with suspicious leaks of sensitive private data. We then upload the applications to a sandbox that runs them automatically, use a tool to analyze the applications, obtain log files, confirm malicious behaviors in the applications, and notify users of the results.

In the static taint flow analysis section, our method is based on FlowDroid, a novel and highly accurate static taint flow analysis tool for Android applications. On the basis of control flow analysis, data flow analysis and reachability analysis, we provide both intra-procedural and inter-procedural analysis and the corresponding methods. We have also added analyses of various vulnerabilities, including API misuse, privilege escalation, denial of service, Fake ID and so on. We can also combine multiple .dex files for analysis, optimize for accuracy and efficiency, and report metrics for the degree of maliciousness in the results. In the dynamic taint flow analysis section, we use TaintDroid, an efficient system-level dynamic taint tracking and analysis system that can track multiple sources of sensitive private data simultaneously. It reports in real time to users and security providers what the applications are doing. Finally, ADB is used to combine the dynamic and static taint flow analysis parts to achieve automation.

In the experimental part, a variety of different data sets were tested. We tested 1146 normal samples and 1260 known malicious samples on both our method and FlowDroid, and after combining FlowDroid and TaintDroid. The results show that the proposed method significantly reduces the false positive rate and the false negative rate. The proposed method also performs well on InsecureBank. In addition, a comparison of our method with a set of popular tools on DroidBench shows that the accuracy of our method reached 96.49%, which is 0.12 higher on average than the other tools, and the recall rate reached 95.65%, which is 0.45 higher on average than the other tools; the F1-Measure value is also optimal. According to the comprehensive experimental results, the proposed method can effectively improve correctness, accuracy and recall rate, as well as F1-Measure, which shows that taint flow analysis based on combined dynamic and static analysis is feasible and efficient.
Keywords/Search Tags:Android malicious application, dynamic and static, taint flow, static analysis, dynamic analysis