With the rapid development of smartphones, a large variety of applications are provided to meet people’s daily needs, which makes smartphones an indispensable part of people’s lives. When people use these applications, they have to save a lot of personal private information on their phones, which is coveted by attackers. In recent years, as the most popular mobile operating system on smartphones, Android has become the main target of malicious applications. This malware can not only steal users’ sensitive data, but also abuse system resources to interrupt the device’s normal usage or, more seriously, cause physical damage to the equipment. Research on Android malware has therefore become one of the research hotspots in the information security field.

In this paper, we propose a new dynamic Android malware detection scheme based on analyzing an application’s network behavior. To achieve this scheme, we not only analyze the weaknesses of the existing Android malware detection schemes, but also do research on the Android security mechanism, Android automated testing, Android application development and Python data analysis. The main achievements in this paper are listed as follows:

1. Proposing a new Android automatic black box testing scheme, which combines Robotium and Monkey. The scheme uses Monkey to complete the click, touch or press operations, and it utilizes Robotium to do some sensitive operations (e.g. inputting the testing username or password). This black box testing scheme achieves the goal of running the application under test automatically in our dynamic detection scheme, with high coverage of the sensitive operations.

2. Developing a new Android network monitor application. This application runs on any Android device. When the application begins to monitor an Android device, it captures all applications’ network flow information and saves the information into CSV files that are convenient to analyze. Compared with other network monitors, our application’s efficiency is higher, and the monitoring is easier to perform, as it only needs the device’s root permission.

3. Proposing a new dynamic Android malware detection scheme based on analyzing an application’s network behavior. In this scheme, the suspicious application runs automatically, and the network monitor captures its network behavior. After that, the IP information of the application’s network behavior is selected as the detection feature. Next, we use the anomaly detection scheme to find abnormal network behavior; if abnormal network behavior exists, the suspicious application is confirmed as a malicious application.

The experimental result shows that our scheme can detect the known repackaged malware very efficiently.