基于Android平台恶意软件动态检测方法设计与实现
关键词 安卓 Dalvik字节码 重构 动态检测
毕业论文设计说明书外文摘要
Title Design and Implementation of the Method of Dynamic Android Malware Detection
Abstract
With the continuous development of mobile network,smart mobile phone has played an important role in people’s life. As you all know now Android system has been widely used.We mainly study and analyze the Android framework to learn about the security mechanisms of Android system.After studying characteristics of malware and compare existing methods represented by other papers,we represent a method of dynamic detection of Android malware —— decompile APK of the Android application,then repackage the APK with inserting log codes for sensitive API calling in Dalvik byte codes.We install the new APK to an AVD and analyse logs after running the APK to make conclusions whether the APK is a kind of malware according to the received information . We use Python to realize the method which we believe has certain practical significance.
Keywords Dynamic detection Android Dalvik Repackage
目 次
1 引言 1
1.1 研究背景 1
1.2 研究现状 2
1.3 研究内容 3
2 Android系统内部机制和相关安全机制 4
2.1 Android系统架构分析 4
2.2 Android安全机制分析5
2.3 Android恶意软件6
2.4 本章小结6
3 相关技术背景介绍8
3.2 APK的反编译9
3.3 Python语言10
3.4 本章小结10
4 恶意软件动态检测方法设计11
4.1 需要关注的敏感API设置11
4.2 Smali文件的树形结构解析12
4.3 函数调用重构13
4.4 使用Dalvik字节码的函数重构15
4.5 APK打包和签名18
4.6 本章小结18
5 方法实现和测试19
5.1环境配置19
5.2 具体操作20
5.3 方法测试21
5.4 本章小结23
结论 24
致谢 25
参考文献26
图2.1 Android框架图4
图4.2.1 Smali文件结构图12
图4.2.2 Smali文件解析流程图13
图4.2.3 Smali文件去注释效果图(前)14
图4.2.4 Smali文件去注释效果图(后)14
图4.4.1 构造函数代码插桩示例(插桩前)17
图4.4.2 构造函数代码插桩示例(插桩后)17
图4.4.3 实例函数改写(改写前)18
图4.4.4 实例函数改写(改写后)18
图5.1 方法实现流程图22
图5.2.1 测试所使用的Android模拟器23
图5.2.2 实现步骤一截图23
图5.2.3 实现步骤二截图24
图5.2.4 解包生成文件24
图5.2.5 实现步骤三截图24
下一篇:手机游戏推荐技术研究