are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google’s Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.
FUNCTIONAL REQUIREMENTS

Incoming/outgoing network data: The data transfer conducted by the Android smartphone is retrieved from the phone log.

File read and write operations: The file reads and writes performed by the device are observed.

Started services and loaded classes through DexClassLoader: The processes running minimized in the background are monitored.

Information leaks via the network, file and SMS: Any information leaks, authorized or unauthorized, will be taken care of and listed in the log. In the dynamic analysis, system calls can be traced and corresponding reports are logged. These can be used for further investigations, either performed manually or automatically.

Circumvented permissions: The permissions issued to each running process will be monitored.

Sent SMS and phone calls: The call and SMS log of the phone is retrieved.
SYSTEM DESIGN

[Figure: system design diagram. Components shown: Android kernel; APK repository; Tomcat application server; log file; MySQL database; AVD emulator loaded with APK; log files; parser; Android application statistics; APK repository front end; Ubuntu Enterprise Infrastructure cloud. Output: web log.]
The Android Application Sandbox considers each individual process as a user in the system; or rather, each process is considered a different session under the user. Each user is provided a user ID; likewise there is a group ID for each user group. We maintain an APK repository, which we populate with some normal applications to be monitored. When the user selects an application, it is loaded in the emulator in a different cloud instance. The APK repository, Tomcat application server and MySQL database are maintained in one cloud instance, and the emulator loading the virtual instance of the APK runs in the second instance. Both these instances are maintained in an Ubuntu Enterprise Cloud. The selected APK is monitored; that is, a log is kept of all the actions or processes taking place while the app runs. The log files are parsed and the resulting AVD log is obtained as the output, which gives us an idea about any malicious activities taking place inside the Android device.
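The log-parsing step described above, as an added example that is not code from the original page or from the AASandbox project: it parses a system-call trace and counts file, network and process activity per application user ID. The log line format, the sample trace, the syscall-to-category mapping and all function names are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample trace. The line format is an assumption for this example;
# the page does not give the sandbox's real log format.
SAMPLE_LOG = """\
1300000000.101 uid=10034 pid=412 syscall=open args="/data/data/com.example.app/files/cfg"
1300000000.140 uid=10034 pid=412 syscall=socket args="AF_INET,SOCK_STREAM"
1300000000.152 uid=10034 pid=412 syscall=connect args="203.0.113.7:80"
1300000000.200 uid=1000 pid=77 syscall=read args="/system/etc/hosts"
1300000000.260 uid=10034 pid=412 syscall=write args="/sdcard/out.bin"
garbage line that the parser must skip
1300000000.300 uid=10051 pid=530 syscall=execve args="/system/bin/sh"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d+\.\d+) uid=(?P<uid>\d+) pid=(?P<pid>\d+) '
    r'syscall=(?P<name>\w+) args="(?P<args>[^"]*)"$'
)

# Hypothetical mapping from syscall name to the monitored activity classes.
CATEGORY = {
    "open": "file", "read": "file", "write": "file", "unlink": "file",
    "socket": "network", "connect": "network", "sendto": "network",
    "fork": "process", "execve": "process",
}

FIRST_APP_UID = 10000  # Android assigns installed applications UIDs from 10000 up


def parse(log_text):
    """Return (events, skipped): parsed event dicts and the count of bad lines."""
    events, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1  # malformed or truncated lines are counted, not fatal
            continue
        ev = m.groupdict()
        ev["uid"], ev["pid"], ev["ts"] = int(ev["uid"]), int(ev["pid"]), float(ev["ts"])
        events.append(ev)
    return events, skipped


def summarize(events):
    """Count events per application UID and activity class, ignoring system UIDs."""
    stats = defaultdict(Counter)
    for ev in events:
        if ev["uid"] < FIRST_APP_UID:
            continue  # system process, not the application under test
        stats[ev["uid"]][CATEGORY.get(ev["name"], "other")] += 1
    return {uid: dict(counts) for uid, counts in stats.items()}
```

Grouping by UID separates the activity of the application under test from system processes running in the same emulator, and the skipped-line count shows whether the trace was truncated.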