A memory detection device and method based on android virtual container

Abstract

The present invention provides a memory detection device based on an Android virtual container, which is located in a virtual container. The virtual container is located at the Android application layer and is isolated from the real system environment. The device includes: an application acquisition module for acquiring and parsing external The apk file in the storage; the application loading module is used to load and run the apk file; the memory acquisition module is used to obtain the data structure of the apk file in the memory through the system function when the apk file is running; the memory detection module is used for The data structure is used for malicious detection; the result output module is used to display the result of malicious detection. The invention realizes a virtual container in the Android application layer, obtains various data structures in the memory of the application to be tested in the virtual container for malicious detection, and does not need root authority, and can also detect the reinforced application.

Description

technical field [0001] The invention belongs to the technical field of mobile security, and in particular relates to an Android virtual container-based memory detection device and method. Background technique [0002] As mobile devices become more and more intelligent, people are increasingly inseparable from mobile devices in their lives. While smart devices bring convenience to our lives, they also bring a lot of security problems. Malicious applications on mobile devices emerge in endlessly. , especially the number of malicious applications on the Android platform is growing faster and faster. At present, the detection methods for the Android platform are mainly divided into static detection and dynamic detection: static detection is mainly by comparing the static feature library, from the structural characteristics of the application, the fingerprint , code structure, specific instructions and other multi-dimensional static features to match malicious applications. The a...

AI Technical Summary

Problems solved by technology

[0002] As mobile devices become more and more intelligent, people are increasingly inseparable from mobile devices in their lives. While smart devices bring convenience to our lives, they also bring a lot of security problems. Malicious applications on mobile devices emerge in endlessly. , especially the number of malicious applications on the Android platform is growing faster and faster. At present, the detection methods for the Android platform are mainly divided into static detection and dynamic detection: static detection is mainly by comparing the static feature library, from the structural characteristics of the application, the fingerprint , code structure, specific instructions and other multi-dimensional static features to match malicious applications. The advantage of this detection method is that every branch of the program can be traversed during the detection process, and the detection rate of common applications is high. The application of static detection technology cannot detect malicious code because the real code of the application cannot be obtained.

Dynamic detection is mainly based on the behavior monitoring of the application at runtime, and detects the corresponding malicious behavior according to the relevant model of malicious behavior. This method generally needs to modify the system source code or implement it through hooks. The implementation process requires root privileges. , and dynamic detection may not be able to traverse all branches of the program, resulting in specific malicious behaviors not being triggered, which will eventually lead to false positives

Images