Development of anomaly detection technique on Android Dalvik

• Main Authors: Chi-Han Lee, 李奇翰
• Other Authors: Mong-Fong Horng
• Format: Others
• Language: zh-TW
• Published: 2011
• Online Access: http://ndltd.ncl.edu.tw/handle/82033264719663172460

碩士 === 國立高雄應用科技大學 === 電子工程系 === 99 === Mobile devices are increasingly popular. However, the information security on mobile devices has not gradually been focused. Malicious applications easily downloading from Internet, attack the possible vulnerabilities on the mobile system. These attacks not only causes threats in system, also damages private user information. Android is a new-developed operating system for mobile devices and will become one of significant development trends of mobile devices. Android operates applications in an execution environment as called as Dalvik virtual machine(Dalvik VM). How to monitor and detect the malicious applications in Dalvik environment is the target problem investigated in this thesis. Based on the evidence of the self-duplication of malicious programs, the system memory is consumed in an abnormal manner. Thus when malicious codes hidden in the application, Dalvik memory usage will be unusual. This paper proposes a memory monitor tool, to analyze exception memory usage of Dalvik applications. based on the analysis, the security of applicatons is evaluated. With this tool, the security of unknown applications will be examined ensure the Android system security.