The malicious code causes huge damage. It not only steals users’ personal privacy, invades users’ rights, but also causes serious economic loss. Typical malicious code occupies with advanced technology such as hiding files, hiding progress and self-starting. However, all of these typical methods of attacking could destroy the integrity of system data. This paper proposes a method of data detecting integrity combined file data with memory data on Android system and solves the problems of not all-inclusive detection, relying on hardware, huge consumption of system and hard to transplant in existing methods. This method use the algorithm of MD5 Hash to detect the integrity of data based on credible baseline database. Firstly, the method ensures the integrity of ifle. Then the method detects the integrity of memory data. At last we obtain the result of detecting integrity of data. At the end of this paper, several experiments are done in the Android simulator environment. And the paper uses 7 malicious codes which attack detection of data in our experiments. The experiment shows that the rate of detecting is 100% and the CPU occupancy rate below 5%. This method has high accuracy, strong practicability, and does not rely on hardware.%恶意代码产生的危害巨大,不仅会窃取用户个人隐私、侵犯用户的权益,更会给用户造成严重的经济损失。典型的恶意代码采用高级技术实现文件、进程的隐藏和自启动等,但是,这些典型的攻击手段都会破坏系统的完整性。文章针对现有Android系统完整性检测方法存在的检测不全面、依赖硬件、系统消耗大、难以移植等缺点,提出了一种结合文件数据和内存数据的数据完整性检测方法。该方法基于可信的基线数据库,采用MD5哈希算法对文件数据完整性进行检测,在保证文件完整性的条件下,再进行内存数据完整性检测,最后获得数据完整性检测结果。文章最后在Android模拟器环境下,利用7种攻击数据完整性的恶意代码进行实验。实验结果表明,该方法针对几种典型恶意代码检测率为100%,CPU占用率小于5%,且不依赖硬件,准确率高,实用性强。
展开▼
