Netinfo Security ›› 2016, Vol. 16 ›› Issue (7): 40-46. doi: 10.3969/j.issn.1671-1122.2016.07.007

• Original Article

Research on Method of Android System Malware Behavior Monitoring Based on Multi-level and Cross-view Analysis

Jingya YANG, Senlin LUO, Shuai ZHU, Lewei QU   

  1. Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081, China
  • Received: 2016-04-05 Online: 2016-07-20 Published: 2020-05-13

Abstract:

Existing methods for monitoring behavior on the Android system require either recompiling the system or altering the monitored applications. Most of them are not comprehensive enough and cannot identify the hidden behaviors of malicious code. To address these problems, this paper proposes a method of Android system malware behavior monitoring based on multi-level and cross-view analysis. The method uses process injection and loadable kernel module techniques to monitor malware behavior at the Java level, the Native level and the Kernel level. It then obtains the behavior monitoring results and identifies hidden behaviors through cross-view analysis. In an Android emulator environment, the experiment uses 12 kinds of malware that cover most malware behaviors. The results show that the monitoring accuracy rate for malicious behavior reaches 91.43%, and that the method detects hidden behaviors effectively. The method therefore has fine audit granularity and strong practicality.

Key words: Android system, behavior monitoring, cross-view

CLC Number: