Cite this article:
- LUO Fanfeng, MA Luping, XIE Jing, HUANG Qingjia. A Survey of Defensive Techniques for Android Dynamic Analysis Evasion [J]. Journal of Cyber Security (信息安全学报), accepted.
Abstract:
Dynamic analysis is an important means of defending against Android malware, but in recent years evasion techniques aimed at dynamic analysis have kept emerging, and malware has become stealthier and more diverse. This has markedly reduced the effectiveness of existing dynamic analysis and poses a serious threat to users' data security and financial assets. To counter these continuously evolving dynamic analysis evasion techniques, the research community has proposed a variety of defensive methods intended to identify evasive malicious code efficiently and analyze it in depth. Although existing surveys cover related techniques, they generally fail to account fully for the characteristics of the Android platform, or pay little attention to the role of static and hybrid analysis in defense. To address this challenge systematically, this paper reviews the history of evasion-technique taxonomies and defensive methods, and then comprehensively and systematically reviews and summarizes defensive techniques against Android dynamic analysis evasion published between 2017 and 2024. It proposes a two-dimensional classification framework: along the dimension of defensive objective (detecting evasion, mitigating evasion, and detecting and mitigating evasion), it organizes and discusses the specific methods of three classes of program analysis technique (static, dynamic and hybrid analysis) and the strategies for combining them. On this basis, it evaluates and summarizes the dynamic analysis evasion datasets and evaluation methods that the defensive techniques rely on, and surveys the environment-detection and conditional-trigger benchmarks, as a reference for subsequent research and empirical analysis. It discusses how the choice of program analysis method differs across defensive objectives, and how defensive techniques respond to the characteristics of Android application development. Finally, it outlines important future research directions. The paper gives researchers and practitioners in Android dynamic analysis evasion defense a clear technical landscape, a systematic basis for evaluation and explicit guidance for future development, and is intended as a guiding reference for subsequent research in the field.
Key words: Android, dynamic analysis evasion, program analysis, malware
DOI:
Received: 2025-03-10; Revised: 2025-09-19
Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDA0360203)
A Survey of Defensive Techniques for Android Dynamic Analysis Evasion
LUO Fanfeng, MA Luping, XIE Jing, HUANG Qingjia

(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Dynamic analysis is a crucial technique for defending against Android malware. However, the recent proliferation of evasion techniques targeting dynamic analysis has increased the stealth and diversity of malware, undermining the effectiveness of existing dynamic analysis methods and posing a serious threat to user data security and financial assets. To counter these continuously evolving dynamic evasion techniques, the academic community has proposed various defensive methods aimed at the efficient identification and in-depth analysis of evasive malware. While several surveys on these techniques exist, they often fail to fully consider the specific characteristics of the Android platform or overlook the potential of static and hybrid analysis in defensive strategies. To systematically address this challenge, this paper presents a comprehensive and systematic review and summary of defensive techniques against Android dynamic analysis evasion published between 2017 and 2024, after reviewing the historical development of evasion technique classifications and their corresponding defense methods. The paper proposes a two-dimensional classification framework. Along the dimension of defensive objectives, namely detecting evasion, mitigating evasion, and both detecting and mitigating evasion, it categorizes and discusses the specific methods and integration strategies of three program analysis techniques: static, dynamic, and hybrid analysis. Building on this framework, the paper evaluates and summarizes the datasets and evaluation methodologies used by these defensive techniques. It also surveys the benchmarks for environment detection and conditional triggers to provide a reference for future research and empirical studies. Furthermore, it discusses the trade-offs in selecting program analysis methods to achieve different defensive goals and examines how these techniques address the unique characteristics of Android application development. Finally, it identifies key future research directions. This paper provides researchers and practitioners in the field of Android dynamic analysis evasion defense with a clear technological landscape, a systematic basis for evaluation, and explicit guidance for future development, and is intended to serve as a foundational reference for subsequent research in the domain.
Key words: Android, dynamic analysis evasion, program analysis, malware