Android program real-time behavior analysis method and system based on kernel

A behavior analysis technology, applied in the field of data processing, that addresses problems such as undetectable behavior and unguaranteed accuracy of behavior analysis, and achieves low performance loss, good readability, and high accuracy.

Inactive Publication Date: 2018-02-13
NANJING UNIV

AI Technical Summary

Problems solved by technology

However, these application analysis methods have their own shortcomings.
The technical solution based on the Dalvik virtual machine cannot detect behavior in native code, and because it runs at the same level as the application, it is easily detected and evaded by malware.
The technical solution based on virtual machine introspection can detect behavior in native code, but because this type of method runs in a virtual environment, malware will behave differently due to the difference in execution environment. Existing malware can also detect its operating environment and use anti-forensics techniques to evade analysis, so the accuracy of behavior analysis under the virtual machine introspection scheme cannot be guaranteed.


Examples


Embodiment Construction

[0046] The technical solutions provided by the present invention will be described in detail below in conjunction with specific examples. It should be understood that the following specific embodiments are only used to illustrate the present invention and are not intended to limit the scope of the present invention.

[0047] Figure 1 shows the overall architecture of the kernel-based Android program real-time behavior analysis system provided by the present invention. It is mainly composed of four modules: an initialization module, a monitoring analysis module, an information log recording module, and a behavior reconstruction module. First, the initialization module loads into memory the Android Interface Definition Language (AIDL) file information required for parsing Android inter-process communication; this information is held in memory in the form of a hash table. At the same time, the initialization module uses the loadable module technology, in the kernel In...


Abstract

The invention discloses a kernel-based Android application real-time behavior analysis method and a behavior analysis system capable of implementing the method. The method comprises a system call monitoring initialization step, a kernel system call interception, monitoring and parsing step, an information logging step based on the parsing result, and an application behavior reconstruction step based on the information log. System calls are intercepted and parsed in the kernel, so that an application's file, network and inter-process communication behaviors, as well as other behaviors particular to the Android system, are reconstructed. The whole behavior analysis process is monitored in real time in the kernel, which guarantees the accuracy of the behavior obtained. Because the kernel has the highest authority, it is hard for malware to evade monitoring in the kernel. The method modifies no code in the Android system, so the performance loss is low. Practice proves that the result of the method can serve as key evidence and provides a reference for malware detection.
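The initialization and reconstruction steps described above, as an added example in user-space Python (not code from the patent, whose monitoring runs in a kernel module). It builds the AIDL hash table using the rule that AIDL-generated stubs number methods in declaration order starting at `FIRST_CALL_TRANSACTION`, then classifies logged system calls; the interface `com.example.demo.IMessageService`, the `key=value` log format and the function names are assumptions made for illustration.

```python
import re

FIRST_CALL_TRANSACTION = 1  # value of Android's IBinder.FIRST_CALL_TRANSACTION

# Constructed AIDL source for a hypothetical interface (not from the patent).
SAMPLE_AIDL = """package com.example.demo;
interface IMessageService {
    void sendText(String dest, String body);
    int getUnreadCount();
    oneway void clearAll();
}"""

# Constructed log lines in an assumed key=value format written by the logging step.
SAMPLE_LOG = """\
ts=100 pid=2301 sys=open path=/sdcard/DCIM/photo.jpg flags=O_RDONLY
ts=101 pid=2301 sys=connect addr=203.0.113.7 port=443
ts=102 pid=2301 sys=ioctl cmd=BINDER_WRITE_READ desc=com.example.demo.IMessageService code=1
ts=103 pid=2301 sys=ioctl cmd=BINDER_WRITE_READ desc=com.example.demo.IMessageService code=9
ts=104 pid=2301 sys=getpid
"""

def load_aidl(text):
    """Initialization: hash table {(interface descriptor, code): method name}."""
    pkg = re.search(r"^\s*package\s+([\w.]+)\s*;", text, re.M)
    iface = re.search(r"\binterface\s+(\w+)\s*\{(.*)\}", text, re.S)
    if not iface:
        return {}
    descriptor = (pkg.group(1) + "." if pkg else "") + iface.group(1)
    methods = re.findall(r"[\w.<>\[\]]+\s+(\w+)\s*\([^)]*\)\s*;", iface.group(2))
    return {(descriptor, FIRST_CALL_TRANSACTION + i): name
            for i, name in enumerate(methods)}

def reconstruct(log_text, aidl_table):
    """Reconstruction: map logged system calls to file/network/IPC behaviors."""
    behaviors = []
    for line in log_text.splitlines():
        rec = dict(f.split("=", 1) for f in line.split() if "=" in f)
        pid, call = rec.get("pid"), rec.get("sys")
        if call == "open":
            behaviors.append(("file", pid, rec.get("path")))
        elif call == "connect":
            behaviors.append(("network", pid, f"{rec.get('addr')}:{rec.get('port')}"))
        elif call == "ioctl" and rec.get("cmd") == "BINDER_WRITE_READ":
            desc, code = rec.get("desc"), int(rec.get("code", "0"))
            # A code missing from the table is reported rather than dropped.
            method = aidl_table.get((desc, code), f"unknown_code_{code}")
            behaviors.append(("ipc", pid, f"{desc}.{method}"))
    return behaviors

if __name__ == "__main__":
    for behavior in reconstruct(SAMPLE_LOG, load_aidl(SAMPLE_AIDL)):
        print(behavior)
```

System calls outside the three behavior classes (the `getpid` record here) are ignored, and a transaction code with no table entry shows up as `unknown_code_9`, which signals that the AIDL table does not cover the interface version in use.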

Description

Technical field

[0001] The invention belongs to the technical field of data processing, and in particular relates to a kernel-based Android program real-time behavior analysis method and system.

Background technique

[0002] As the popularity of smart mobile devices has increased, so has the malware targeting these devices. As an open source platform, Android has become an operating system with wide influence in the world, and currently occupies 80% of the market share. Therefore, the amount of malicious software targeting the Android platform is also very large, and it is growing fast. There is a large amount of important user privacy information on Android devices, so this type of malware poses a huge threat to mobile phone security.

[0003] In view of the above situation, it is very necessary to detect and discriminate malware. This requires understanding the behavior of malware. In recent years, the behavior analysis method...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/55
CPC: G06F21/552, G06F21/566
Inventor: 伏晓, 阮豪, 骆斌, 周业茂
Owner: NANJING UNIV