Most of malicious behaviours of Android applications come from abuses of system resources,and the resources usage information serves to fast analysing the malicious behaviours.However,due to the characteristic of Android system using permission mechanism in its management,current system call-based method does not effective in monitoring Android applications resource usage.Aiming at this problem, we design and implement SysTracker,which is a technique based on system call and assisted with mapping relationship between API and system call to monitor the resource usage in Android applications.By intercepting and capturing the system call in Android applications and analysing the related information called by the system,the SysTracker restores the special system call sequence to corresponding API call with the help of mapping relation of API and system call,so as to recognise the resource usage information from the applications.Large-scale applications tests show that the recognition rate of SysTracker on API call reaches up to 99.2%,meanwhile,it is demonstrated by the analyses of a couple of applications that the SysTracker can intuitively reflect the situation of resources usage by the applications for quick identifying the malicious behaviours of the application.%安卓恶意应用行为大多源于对系统资源的非法使用,资源使用信息将有助于快速地分析恶意行为。然而,由于安卓系统使用权限机制对资源进行管理的特性,现有的基于系统调用监测安卓应用资源使用的方法并不行之有效。针对该问题,设计并实现了SysTracker:一种采用系统调用辅以API-系统调用映射关系来监测安卓应用资源使用的技术。SysTracker通过截获安卓应用程序中的系统调用,并对系统调用的相关信息进行解析,借助API-系统调用映射关系将特殊的系统调用序列还原为相应的API调用,从而识别出应用程序中资源使用信息。大规模的应用程序测试显示SysTracker对API调用的识别率高达99.2%。同时,通过对多款应用程序的分析表明,SysTracker能直观反映应用对资源使用的情况以快速识别出应用的恶意行为。
展开▼
