A Packing Checking Method Based on the Dynamic Behavior of APK Packing Software

Abstract

The invention discloses a shell checking method based on dynamic behaviors of APK (android package) packing software. According to the method, aiming at a shell procedure, dynamic behavior monitoring is performed on call of a system function and a characteristic function through a Hook function of the android system; when the monitored functions are called, skip is performed to the Hook function for recording, and the type of the corresponding shell procedure is obtained through feature comparison, wherein call behaviors of the APK packer software on the general system function and the characteristic function are detected respectively through the Hook function, and features of a packing call general system function and features of a packing call characteristic function are constructed; corresponding feature libraries can be constructed. During shell checking, certain packing program is started; dynamic behavior monitoring is performed on function call of the packing program through the Hook function, features of function call are recorded and matched with the feature libraries, and a shell checking result is obtained. According to the method, the types of mainstream APK shells can be detected effectively, and the accuracy and efficiency for analyzing packing malicious codes are improved.

Description

technical field [0001] The invention belongs to mobile client App security technology, relates to the packing of an Android application program installation package (APK, AndroidPackage), and in particular relates to a shell checking method based on the dynamic behavior of APK packing software. Background technique [0002] With the increasing popularity of mobile technology applications, the mobile software industry has developed rapidly. At the same time, there are more and more Trojan horses and virus malicious code software targeting mobile terminals. Cheetah Mobile Security data shows that in 2014, 280 million Android phones were infected with viruses worldwide, with an average of 800,000 Android phones being infected every day. China topped the list with nearly 120 million phones being infected. According to the report of 360 Internet Security Center, in 2014, only 360 Internet Security Center intercepted a total of 3.26 million new malicious program samples on the And...

AI Technical Summary

Problems solved by technology

This method of checking files based on static file features has relatively large limitations. The problem is that the result of file checking can be confused by modifying the binary file to erase the feature code or modifying the feature code, so that the accuracy of the file checking result can be improved. Low, low shell checking efficiency

Images