{"title":"Android恶意软件识别的反病毒API","authors":"Rafael Fedler, Marcel Kulicke, J. Schütte","doi":"10.1109/MALWARE.2013.6703688","DOIUrl":null,"url":null,"abstract":"On the Android platform, antivirus software suffers from significant deficiencies. Due to platform limitations, it cannot access or monitor an Android device's file system, or dynamic behavior of installed apps. This includes the downloading of malicious files after installation, and other file system alterations. That has grave consequences for device security, as any app - even without openly malicious code in its package file - can still download and execute malicious files without any danger of being detected by antivirus software. In this paper, we present a proposal for an antivirus interface to be added to the Android API. It allows for three primary operations: (1) on-demand file system scanning and traversal, (2) on-change file system monitoring, (3) a set of basic operations that allow for scanning of arbitrary file system objects without disclosing their contents. This interface can enable Android antivirus software to deploy techniques for malware recognition similar to those of desktop antivirus systems. The proposed measures comply with Android's security architecture and user data privacy is maintained. Through our approach, antivirus software on the Android platform would reach a level of effectiveness significantly higher than currently, and comparable to that of desktop antivirus software.","PeriodicalId":325281,"journal":{"name":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"An antivirus API for Android malware recognition\",\"authors\":\"Rafael Fedler, Marcel Kulicke, J. Schütte\",\"doi\":\"10.1109/MALWARE.2013.6703688\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"On the Android platform, antivirus software suffers from significant deficiencies. Due to platform limitations, it cannot access or monitor an Android device's file system, or dynamic behavior of installed apps. This includes the downloading of malicious files after installation, and other file system alterations. That has grave consequences for device security, as any app - even without openly malicious code in its package file - can still download and execute malicious files without any danger of being detected by antivirus software. In this paper, we present a proposal for an antivirus interface to be added to the Android API. It allows for three primary operations: (1) on-demand file system scanning and traversal, (2) on-change file system monitoring, (3) a set of basic operations that allow for scanning of arbitrary file system objects without disclosing their contents. This interface can enable Android antivirus software to deploy techniques for malware recognition similar to those of desktop antivirus systems. The proposed measures comply with Android's security architecture and user data privacy is maintained. Through our approach, antivirus software on the Android platform would reach a level of effectiveness significantly higher than currently, and comparable to that of desktop antivirus software.\",\"PeriodicalId\":325281,\"journal\":{\"name\":\"2013 8th International Conference on Malicious and Unwanted Software: \\\"The Americas\\\" (MALWARE)\",\"volume\":\"37 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 8th International Conference on Malicious and Unwanted Software: \\\"The Americas\\\" (MALWARE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MALWARE.2013.6703688\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MALWARE.2013.6703688","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
On the Android platform, antivirus software suffers from significant deficiencies. Due to platform limitations, it cannot access or monitor an Android device's file system, or dynamic behavior of installed apps. This includes the downloading of malicious files after installation, and other file system alterations. That has grave consequences for device security, as any app - even without openly malicious code in its package file - can still download and execute malicious files without any danger of being detected by antivirus software. In this paper, we present a proposal for an antivirus interface to be added to the Android API. It allows for three primary operations: (1) on-demand file system scanning and traversal, (2) on-change file system monitoring, (3) a set of basic operations that allow for scanning of arbitrary file system objects without disclosing their contents. This interface can enable Android antivirus software to deploy techniques for malware recognition similar to those of desktop antivirus systems. The proposed measures comply with Android's security architecture and user data privacy is maintained. Through our approach, antivirus software on the Android platform would reach a level of effectiveness significantly higher than currently, and comparable to that of desktop antivirus software.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
