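Research and Design of a Multi-Mode Android Platform Security Detection System
Published: 2018-03-30 00:13
Topic: Android platform; Focus: malware detection; Source: Beijing University of Technology, master's thesis, 2014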
[Abstract]: In recent years, with the rapid development of the mobile Internet and the falling production cost of smartphones, many computer functions have gradually migrated to the phone, making smartphones more and more capable. Compared with the PC (Personal Computer), smart terminals are lighter and closer to the user; they have gradually merged into people's daily work and life and become an indispensable part of it. While smartphones, with their portability, meet people's needs to obtain information and build social connections at any time, their rising adoption has also made them an important target for hackers and malware. Among smartphone platforms, Android is the most seriously threatened by malware.
This thesis takes the Android platform as its research object. Through an analysis of the security mechanisms of the Android operating system, it summarizes and studies current Android platform security schemes and the corresponding malware detection techniques. By analysing and comparing the respective characteristics of mobile phone platforms and computers, and taking full account of the characteristics of the Android platform, it applies malware detection methods from the computer domain to Android and designs a permission-based malware detection method; by exploring users' different application needs for security software and extending the usage scenarios of security software, it designs a multi-mode Android platform security system model. The main work of this thesis includes:
(1) Design of a multi-mode Android platform security system model. The system accommodates the needs of different users and allows flexible switching between detection modes in different application scenarios. It combines on-device detection, local PC-side detection and cloud detection, so that whichever detection mode the user adopts, the phone can be checked effectively.
(2) Design of a local PC-side detection mode based on ADB (Android Debug Bridge), which, when there is no network and no security software installed on the phone, transfers files from the phone to the PC for detection. This overcomes the drawback that traditional cloud-based security systems cannot be used when the phone cannot connect to a network.
(3) Decompilation of APKs using related tools, from which a static analysis report is generated.
(4) For the system's main detection algorithm, a permission-based malware detection method, designed by studying Android's permission control mechanism and combining it with machine learning methods. Because resources on the phone are limited, when the algorithm is applied on the phone, PCA (Principal Component Analysis) is used for dimensionality reduction; in this case the detection accuracy on unknown samples is 92.5% and the false alarm rate is 7.5%. On the PC side no dimensionality reduction is performed, and the detection accuracy on unknown samples is 94.05% with a false alarm rate of 6%.
[Degree-granting institution]: Beijing University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1683500
Article link: http://sikaile.net/guanlilunwen/ydhl/1683500.html