| 基于系统调用的安卓寄生木马的检测 |
| |
| 引用本文: | 朱雪梅,赵泽茂,张帆.基于系统调用的安卓寄生木马的检测[J].南阳理工学院学报,2014(6):45-48. |
| |
| 作者姓名: | 朱雪梅 赵泽茂 张帆 |
| |
| 作者单位: | 杭州电子科技大学通信工程学院,浙江杭州310018 |
| |
| 摘 要: | 在基于安卓操作系统的手机中,很多安全检测软件对独立存在的木马有很好的防范能力,却很难检测出依附于正常程序的寄生木马,文中提出一种新的安卓寄生木马检测方法,通过检测手机发送的数据包实时确定发送包的端口,再根据已确定的端口和系统提供的信息,将会发现通过该端口发送包的进程,接着追踪到创建该进程的应用程序,最后通过分析程序的系统调用序列判断其是否有寄生木马,仿真实验显示该方法可以有效地检测出安卓寄生木马。
|
| 关 键 词: | 安卓操作系统 数据包 木马检测 系统调用 |
DETECTION OF ANDROID PARASITIC TROJAN BASED ON SYSTEM CALL |
| |
| ZHU Xue-mei,ZHAO Ze-mao,ZHANG Fan.DETECTION OF ANDROID PARASITIC TROJAN BASED ON SYSTEM CALL[J].Journal of Nanyang Institute of Technology,2014(6):45-48. |
| |
| Authors: | ZHU Xue-mei ZHAO Ze-mao ZHANG Fan |
| |
| Institution: | (School of Communication Engineering, Hangzhou Dianzi University, Hangzhou 310018, China) |
| |
| Abstract: | Many safety testing software has a good ability to prevent, but it is difficult to detect the parasitic Trojan horse attached to the normal process. This paper presents a new detection method for android parasitic Trojan, which determines the port that sends packets in real time by detecting the package sent by phone. Then according to the information provided by system and the identified port, we will find the process of sending packets through the port, subsequently, trace to the application who creates the process, final- ly, through the analysis of program system call sequence to determine whether they contain parasitic Trojans. The simulation experiment shows the method can effectively detect the Android parasitic Trojan. |
| |
| Keywords: | Android system packets Trojan horse detection system call |
| 本文献已被 CNKI 维普 等数据库收录! |
|
