Memory detecting device and method based on Android virtual container

Abstract

The invention provides a memory detecting device based on an Android virtual container. The device is located in the virtual container, and the virtual container is located in an Android application layer and isolated from a real system environment. The device comprises an application acquisition module used for acquiring and analyzing the apk file in an external memory, an application loading module used for loading and running the apk file, a memory acquisition module used for obtaining the data structure of the apk file in the memory through a system function when the apk file is run, a memory detection module used for conducting malicious detection on the data structure and a result output module used for displaying the result of malicious detection. According the the device, the virtual container is achieved in the Android application layer, data structures of various classes in the memory are obtained from the virtual container to conduct malicious detection, root access is not needed, and detection can also be conducted on reinforced application.

Description

technical field [0001] The invention belongs to the technical field of mobile security, and in particular relates to an Android virtual container-based memory detection device and method. Background technique [0002] As mobile devices become more and more intelligent, people are increasingly inseparable from mobile devices in their lives. While smart devices bring convenience to our lives, they also bring a lot of security problems. Malicious applications on mobile devices emerge in endlessly. , especially the number of malicious applications on the Android platform is growing faster and faster. At present, the detection methods for the Android platform are mainly divided into static detection and dynamic detection: static detection is mainly by comparing the static feature library, from the structural characteristics of the application, the fingerprint , code structure, specific instructions and other multi-dimensional static features to match malicious applications. The a...

AI Technical Summary

Problems solved by technology

[0002] As mobile devices become more and more intelligent, people are increasingly inseparable from mobile devices in their lives. While smart devices bring convenience to our lives, they also bring a lot of security problems. Malicious applications on mobile devices emerge in endlessly. , especially the number of malicious applications on the Android platform is growing faster and faster. At present, the detection methods for the Android platform are mainly divided into static detection and dynamic detection: static detection is mainly by comparing the static feature library, from the structural characteristics of the application, the fingerprint , code structure, specific instructions and other multi-dimensional static features to match malicious applications. The advantage of this detection method is that every branch of the program can be traversed during the detection process, and the detection rate of common applications is high. The application of static detection technology cannot detect malicious code because the real code of the application cannot be obtained.

Dynamic detection is mainly based on the behavior monitoring of the application at runtime, and detects the corresponding malicious behavior according to the relevant model of malicious behavior. This method generally needs to modify the system source code or implement it through hooks. The implementation process requires root privileges. , and dynamic detection may not be able to traverse all branches of the program, resulting in specific malicious behaviors not being triggered, which will eventually lead to false positives

Images