An easy-to-deploy behavior monitoring scheme for Android applications

doi:10.7523/j.issn.2095-6134.2015.05.016

›› 2015, Vol. 32 ›› Issue (5): 689-694.DOI: 10.7523/j.issn.2095-6134.2015.05.016

Previous Articles Next Articles

An easy-to-deploy behavior monitoring scheme for Android applications

WANG Xueqiang^1,2,3, LEI Lingguang^1,2, WANG Yuewu^1,2

1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
2. Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China;
3. University of Chinese Academy of Sciences, Beijing 100049, China

Received:2014-08-20 Revised:2014-11-27 Online:2015-09-15

Abstract

Abstract:

Malicious applications pose tremendous threats to Android platform. More than 90% of malicious codes are introduced in the form of Android apps. Hence, behavior monitoring scheme for Android applications are required in order to resolve the problem. However, most of the schemes are based on system customization and hard to deploy on devices for Android's fragmentation problem. In this paper, an easy-to-deploy Android application monitoring method on the basis of process hijacking is proposed after analysis of Android process model and code execution details. The method depends on Dalvik interpreter entry point and system call interception. The authors created a fully usable prototype of the system, and the evaluation results show that the system is easy to deploy, provides a whole-scale behavior of Android applications, and incurs little performance overhead.

Key words: Android APP, behavior monitoring, Dalvik hijacking, dynamic instrumentation

CLC Number:

TP309

WANG Xueqiang, LEI Lingguang, WANG Yuewu. An easy-to-deploy behavior monitoring scheme for Android applications[J]. , 2015, 32(5): 689-694.

References

[1] Gartner. Gartner says smartphone sales accounted for 55 percent of overall mobile phone sales in third quarter of 2013[EB/OL].(2013-11-14)[2014-07-20]. http://www.gartner.com/newsroom/id/2623415.

[2] Cisco. Cisco 2014 annual security report[R/OL]. Cisco_2014_ASR.pdf. (2014)[2014-07-20].https://www.cisco.com/web/offer/gist_ty2_asset/

[3] Enck W, Ongtang M, McDaniel P. On lightweight mobile phone application certification[C]//Proceedings of the 2009 ACM Conference on Computer and Communication Security (CCS). 2009:235-245.

[4] Felt A P, Chin E, Hanna S, et al. Android permissions demystied[C]//Proceedings of the 2011 ACM Conference on Computer and Communication Security (CCS). 2011:627-638.

[5] Grace M C, Zhou Y, Wang Z, et al. Systematic detection of capability leaks in stock android smartphones[C]//19th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, 2012.

[6] Jiang X X. Security alert:new sophisticated Android malware DroidKungFu found in alternative Chinese app markets[EB/OL].(2011-06-23)[2014-07-20]. http://www.csc.ncsu.edu/faculty/jiang/DroidKungFu.html.

[7] Bläsing T, Batyuk L, Schmidt A D, et al. An android application sandbox system for suspicious software detection[C]//5th International Conference on Malicious and Unwanted Software (MALWARE). 2010:55-62.

[8] Burguera I, Zurutuza U, Tehrani S N. Crowdroid:behavior-based malware detection system for android[C]//Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM). ACM, 2011:15-26.

[9] Enck W, Gilbert P, Chun B G, et al. TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[C]//Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI). 2010:393-407.

[10] Xu R, Saïdi H, Anderson R. Aurasium:Practical policy enforcement for android applications[C]//Proceedings of the 21st USENIX Conference on Security Symposium. USENIX Association, 2012:539-552.

An easy-to-deploy behavior monitoring scheme for Android applications

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 1

Recommended Articles

Metrics

Comments