Assessment of Android application's risk behavior based on a sandbox system
LI Zhoujun1, WU Chunming1, WANG Xiao2
1. School of Computer Science and Engineering, Beihang University, Beijing 100191, China;
2. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China
Abstract:Android has become the most popular operating system on mobile devices. However, the Android is an open source system with billions of applications. More users are choosing Android, so Android security problems are receiving much attention in the industry. Android of malware is already a major problem and cannot be avoided in the Android ecosystem. This paper describes a sandbox system based on Android 4.1.2 which can dynamically monitor and record application behavior. A risk assessment approach based on behavior analysis is given so that users can get an explicit risk prognosis for an application to improve their safety. Tests on malware and normal application samples verify the effectiveness of this risk assessment approach.
李舟军, 吴春明, 王啸. 基于沙盒的Android应用风险行为分析与评估[J]. 清华大学学报(自然科学版), 2016, 56(5): 453-460.
LI Zhoujun, WU Chunming, WANG Xiao. Assessment of Android application's risk behavior based on a sandbox system. Journal of Tsinghua University(Science and Technology), 2016, 56(5): 453-460.
[1] SCAP中文社区. Android漏洞信息库[Z/OL]. (2013-12-20). http://android.scap.org.cn. The SCAP Community of China. Android vulnerbilities database[Z/OL]. (2013-12-20). http://android.scap.org.cn. (in Chinese)
[2] 赛门铁克安全响应中心. 《互联网安全威胁报告》[Z/OL]. http://www.symantec.com/zh/cn/security_response/publications/threatreport.jsp. Symantec Security and Response Center. A survey of global security threat on the internet[Z/OL]. http://www.symantec.com/zh/cn/security_response/publications/threa-treport.jsp. (in Chinese)
[3] 张玉清, 王凯, 杨欢, 等. Android安全综述[J]. 计算机研究与发展, 2014,51(7):1385-1396. ZHANG Yuqing, WANG Kai, YANG Huan, et al. Survey of Android OS security[J].Journal of Computer Research and Development, 2014,51(7):1385-1396. (in Chinese)
[4] Enck W, Gilbert P, Chun B G, et al. TaintDroid:An information flow tracking system for real-time privacy monitoring on smartphones[J].Communications of the ACM, 2014,57(3):99-106.
[5] Reina A, Fattori A, Cavallaro L. A system call-centric analysis and stimulation technique to automatically reconstruct Android malware behaviors[C]//Proceedings of European Workshop on Systems Security. Prague, Czech Republic:EuroSec, 2013:135-141.
[6] Wei X, Gomez L, Neamtiu I, et al. ProfileDroid:Multi-layer profiling of Android applications[C]//Proceedings of the 18th Annual International Conference on Mobile Computing and Networking. Istanbul, Turkey:ACM, 2012:137-148.
[7] Yan L K, Yin H. DroidScope:Seamlessly reconstructing the OS and dalvik semantic views for dynamic Android malware analysis[C]//Proceedings of the 21st USENIX Conference on Security Symposium. Washington DC, USA:USENIX Security Symposium, 2012:569-584.
[8] Zhang Y, Yang M, Xu B, et al. Vetting undesirable behaviors in Android apps with permission use analysis[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. Hangzhou, China:ACM, 2013:611-622.
[9] Chen K Z, Johnson N M, D'Silva V, et al. Contextual policy enforcement in Android applications with permission event graphs[C]//Proceedings of 20th Annual Network & Distributed System Security Symposium. San Diego, USA:NDSS, 2013.
[10] Wu D J, Mao C H, Wei T E, et al. Droidmat:Android malware detection through manifest and API calls tracing[C]//Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference. Tokyo, Japan:IEEE, 2012:62-69.
[11] Bläsing T, Batyuk L, Schmidt A D, et al. An android application sandbox system for suspicious software detection[C]//Malicious and Unwanted Software (MALWARE), 20105th International Conference. Nancy, France:IEEE, 2010:55-62.
[12] Wikipedia. Java native interface[Z/OL]. http://en.wikipedia.org/wiki/Java_Native_Interface.
[13] HAN T S, Kobayashi K. Mathematics of Information and Coding[M]. Washington, DC:American Mathematical Society, 2002.
[14] CM3. CaffeineMark[Z/OL]. http://www.benchmarkhq.ru/cm30/info.html.