CAJ | 학술논문

安卓恶意应用行为大多源于对系统资源的非法使用，资源使用信息将有助于快速地分析恶意行为。然而，由于安卓系统使用权限机制对资源进行管理的特性，现有的基于系统调用监测安卓应用资源使用的方法并不行之有效。针对该问题，设计并实现了SysTracker：一种采用系统调用辅以API-系统调用映射关系来监测安卓应用资源使用的技术。SysTracker通过截获安卓应用程序中的系统调用，并对系统调用的相关信息进行解析，借助API-系统调用映射关系将特殊的系统调用序列还原为相应的API调用，从而识别出应用程序中资源使用信息。大规模的应用程序测试显示SysTracker对API调用的识别率高达99．2％。同时，通过对多款应用程序的分析表明，SysTracker能直观反映应用对资源使用的情况以快速识别出应用的恶意行为。
안탁악의응용행위대다원우대계통자원적비법사용，자원사용신식장유조우쾌속지분석악의행위。연이，유우안탁계통사용권한궤제대자원진행관리적특성，현유적기우계통조용감측안탁응용자원사용적방법병불행지유효。침대해문제，설계병실현료SysTracker：일충채용계통조용보이API-계통조용영사관계래감측안탁응용자원사용적기술。SysTracker통과절획안탁응용정서중적계통조용，병대계통조용적상관신식진행해석，차조API-계통조용영사관계장특수적계통조용서렬환원위상응적API조용，종이식별출응용정서중자원사용신식。대규모적응용정서측시현시SysTracker대API조용적식별솔고체99．2％。동시，통과대다관응용정서적분석표명，SysTracker능직관반영응용대자원사용적정황이쾌속식별출응용적악의행위。
Most of malicious behaviours of Android applications come from abuses of system resources,and the resources usage information serves to fast analysing the malicious behaviours.However,due to the characteristic of Android system using permission mechanism in its management,current system call-based method does not effective in monitoring Android applications resource usage.Aiming at this problem, we design and implement SysTracker,which is a technique based on system call and assisted with mapping relationship between API and system call to monitor the resource usage in Android applications.By intercepting and capturing the system call in Android applications and analysing the related information called by the system,the SysTracker restores the special system call sequence to corresponding API call with the help of mapping relation of API and system call,so as to recognise the resource usage information from the applications.Large-scale applications tests show that the recognition rate of SysTracker on API call reaches up to 99.2%,meanwhile,it is demonstrated by the analyses of a couple of applications that the SysTracker can intuitively reflect the situation of resources usage by the applications for quick identifying the malicious behaviours of the application.