| Android Operating System,as a major mobile operating system,always takes the main share of the mobile operating system market.Therefore,the number of malware and repackaged applications aiming at Android platform is rocketing with each passing year.Exploring methods,targeting at detecting Android malware and analyzing Android repackaged application,becomes one of the hot spots of mobile security.There exist two major approaches for detecting Android malware and analyzing Android repackaged application: the code based analysis and the graphical user interface based analysis.Towards mitigating the high false positive rate issue and improving the performance of the static code analysis,I propose an Android malware detection system,CGIDroid,based on the isomorphism of sensitive API call graph.The experiment shows that CGIDroid can determine the maliciousness of a suspicious Android application and divide suspect malware samples into corresponding malware families with a high accuracy of 96.77% overall and even defend a certain extent of obfuscation.Towards analyzing the robustness of the graphical user interface based Android repackaged application detection system,I put forward three novel detection evasion methods.I leverage the dynamic resource loading and the dynamic code loading technique to interfere with the static user interface based Android repackaged application detection system.Moreover,I devise a novel floating window attack to invalidate the dynamic user interface based Android repackaged application detection system.The result implies that the robustness of the graphical user interface based Android repackaged application detection system needs to be improved and malicious attackers can easily evade the state-of-art Android repackaged application detection systems. |
PDF Full Text Request