Development of a Cluster-Based Network Traffic Collection and Service Platform for Mobile Terminals
Topic: network traffic collection. Entry point: Android application traversal. Source: University of Jinan (濟南大學), master's thesis, 2017.
[Abstract]: With the wide use of mobile terminals, and especially the rapid spread of smartphones, mobile intelligent terminals have brought great changes to modern society. However, as mobile applications have spread and the number of users has grown explosively, the security of mobile intelligent terminals also faces serious challenges. In mobile malware detection, beyond static signature and dynamic behaviour analysis, detection methods based on network traffic characteristics have drawn growing attention and research from both academia and industry in recent years. Because these methods rely on machine learning and even deep learning, obtaining massive, labelled network traffic data becomes the first task of the research. To address this problem and collect the network traffic of specified applications quickly, this thesis designs and implements a cluster-based network traffic collection and service platform for mobile terminals. The platform has three parts: a storage server, which stores application files and network traffic files; a control and service system, which controls the whole platform; and a collection cluster made up of traffic collection computers (collectors), which capture mobile terminal network traffic. Each collector runs a multi-threaded traffic collection program; the collector opens several threads, and each thread carries out the fully automated task of collecting one application's network traffic. The platform can further process the collected traffic files, for example extracting the DNS packets and TCP flows from the traffic, extracting the TCP flows whose destination is a malicious address, and visualising the traffic. In terms of implementation, the cluster-based Android network traffic collection system is written in Python, together with a dedicated Android application UI traversal script and a web management system written in PHP. The former makes the automatically collected traffic closer to the traffic generated in a real environment; the latter makes the platform convenient for researchers to operate. Using the platform, this thesis collected traffic for more than 68,000 Android applications, about 21 GB of network traffic in total. Further processing yielded about 1.06 million TCP flows and 880,000 DNS requests; about 10,000 queried domain names were extracted from the DNS packets, 744 of which were found to be malicious domains on checking, and about 1 GB of purely malicious traffic was then extracted. The data set is used not only in our own laboratory but has also been shared with research teams at the University of Nebraska-Lincoln, Hunan University and elsewhere.
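The post-processing step the abstract describes (pulling DNS packets and TCP flows out of a capture, then keeping the flows that go to a malicious address) as an added example in Python. This is not the thesis's code: the thesis does not describe its parsers or its malicious-domain check. The example assumes raw IPv4 packets as input (reading a pcap file is out of scope), a constructed blocklist, and a constructed five-packet capture. It goes slightly beyond the text in two ways that a practitioner would want: a flow is keyed bidirectionally so the server's replies land in the same flow as the client's requests, and the DNS name decoder caps compression-pointer hops so a looping pointer in a hostile capture cannot hang the pipeline.

```python
"""Added example, not the thesis's code: DNS answers give an IP -> domain map,
TCP segments are grouped into bidirectional flows, and flows with an endpoint
that resolved from a blocklisted domain are reported. All input is constructed."""
import socket
import struct
from collections import defaultdict

# Constructed blocklist; the thesis does not say how it checked domains.
MALICIOUS_DOMAINS = {"evil.example"}

def _encode_name(name):
    """DNS wire-format name without compression."""
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in name.split(".")) + b"\x00"

def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def build_dns_response(src, dst, name, answer_ip):
    """UDP/53 response: one question, one A record whose owner name is a
    compression pointer (0xC00C) back to the question name."""
    question = _encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(answer_ip)
    dns = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + question + answer
    udp = struct.pack("!HHHH", 53, 40000, 8 + len(dns), 0) + dns
    return build_ipv4(src, dst, 17, udp)

def build_tcp(src, dst, sport, dport, payload):
    """TCP segment with a bare 20-byte header (data offset 5, PSH|ACK)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return build_ipv4(src, dst, 6, tcp + payload)

def parse_ipv4(pkt):
    """Return (protocol, src, dst, transport payload) of one IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:total]

def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it).
    The hop limit stops pointer loops crafted into hostile captures."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:                 # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("DNS name compression loop")
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        if length == 0:
            return ".".join(labels), end if end is not None else off + 1
        labels.append(msg[off + 1:off + 1 + length].decode())
        off += 1 + length

def parse_dns_a_records(udp_payload):
    """[(name, ip)] for every A record in the answer section."""
    dns = udp_payload[8:]                           # skip the UDP header
    qdcount, ancount = struct.unpack("!HH", dns[4:8])
    off = 12
    for _ in range(qdcount):
        _, off = _read_name(dns, off)
        off += 4                                    # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, off = _read_name(dns, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", dns[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((name, socket.inet_ntoa(dns[off:off + 4])))
        off += rdlen
    return records

def analyse(packets, blocklist=MALICIOUS_DOMAINS):
    """Return (ip_to_domain, flows, malicious_flows). A flow is keyed by its
    two (ip, port) endpoints in sorted order, so both directions merge, and
    its value is the TCP payload byte count."""
    ip_to_domain, flows = {}, defaultdict(int)
    for pkt in packets:
        proto, src, dst, payload = parse_ipv4(pkt)
        if proto == 17 and struct.unpack("!H", payload[:2])[0] == 53:   # DNS reply
            for name, ip in parse_dns_a_records(payload):
                ip_to_domain[ip] = name
        elif proto == 6:                                                # TCP
            sport, dport = struct.unpack("!HH", payload[:4])
            data_offset = (payload[12] >> 4) * 4
            key = tuple(sorted([(src, sport), (dst, dport)]))
            flows[key] += len(payload) - data_offset
    malicious = {k: v for k, v in flows.items()
                 if any(ip_to_domain.get(ip) in blocklist for ip, _ in k)}
    return ip_to_domain, dict(flows), malicious

# Constructed capture: a device resolves two names, then talks to both.
DEVICE, RESOLVER = "192.168.1.20", "192.168.1.1"
SAMPLE_CAPTURE = [
    build_dns_response(RESOLVER, DEVICE, "cdn.example", "203.0.113.10"),
    build_dns_response(RESOLVER, DEVICE, "evil.example", "198.51.100.7"),
    build_tcp(DEVICE, "203.0.113.10", 40001, 443, b"\x16\x03\x01" + b"\x00" * 40),
    build_tcp(DEVICE, "198.51.100.7", 40002, 80, b"GET /c2 HTTP/1.1\r\n\r\n"),
    build_tcp("198.51.100.7", DEVICE, 80, 40002, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    mapping, flows, bad = analyse(SAMPLE_CAPTURE)
    print(mapping)
    print(len(flows), "flows,", len(bad), "to blocklisted domains:", bad)
```

On the constructed capture this reports two flows, of which the one to 198.51.100.7:80 (resolved from evil.example) is flagged with 39 payload bytes in both directions combined. Labelling by the IP that a DNS answer mapped to a bad domain, rather than by a static IP list, is what lets the thesis's pipeline attribute a flow to a domain even after the resolution is gone from the packet itself; the caveat is that shared hosting and CDN IPs will then taint every flow to that address, so the domain check should be run per capture rather than on a global IP table.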
【學(xué)位授予單位】:濟(jì)南大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2017
【分類號(hào)】:TP393.06;TP311.52
【參考文獻(xiàn)】
相關(guān)期刊論文 前1條
1 諸葛建偉;段海新;谷亮;;中國(guó)互聯(lián)網(wǎng)信息安全地下產(chǎn)業(yè)鏈調(diào)查[J];信息安全與通信保密;2012年09期
相關(guān)博士學(xué)位論文 前6條
1 韓曉光;惡意代碼檢測(cè)關(guān)鍵技術(shù)研究[D];北京科技大學(xué);2015年
2 董航;移動(dòng)應(yīng)用程序檢測(cè)與防護(hù)技術(shù)研究[D];北京郵電大學(xué);2014年
3 趙大偉;移動(dòng)網(wǎng)絡(luò)安全若干關(guān)鍵問(wèn)題研究[D];北京郵電大學(xué);2014年
4 張?jiān)?安卓平臺(tái)安全性增強(qiáng)關(guān)鍵技術(shù)的研究[D];復(fù)旦大學(xué);2014年
5 劉芳;信息可視化技術(shù)及應(yīng)用研究[D];浙江大學(xué);2013年
6 何躍鷹;互聯(lián)網(wǎng)規(guī)制研究[D];北京郵電大學(xué);2012年
相關(guān)碩士學(xué)位論文 前7條
1 楊文;基于支持向量機(jī)的Android惡意軟件檢測(cè)方法研究[D];南京理工大學(xué);2015年
2 魏向宇;基于程序結(jié)構(gòu)特征的變形惡意程序靜態(tài)檢測(cè)[D];南京大學(xué);2014年
3 嚴(yán)愷;基于云計(jì)算的移動(dòng)醫(yī)療系統(tǒng)研究[D];中南大學(xué);2014年
4 李嘉;移動(dòng)智能終端軟件行為安全分析[D];南京理工大學(xué);2014年
5 王同欣;分布式計(jì)算框架Antnest的任務(wù)調(diào)度設(shè)計(jì)與實(shí)現(xiàn)[D];華中科技大學(xué);2012年
6 童瑞霞;基于動(dòng)態(tài)反饋機(jī)制的集群負(fù)載均衡算法研究[D];武漢理工大學(xué);2011年
7 王桂榮;計(jì)算機(jī)集群技術(shù)的研究與應(yīng)用[D];天津大學(xué);2003年
Article ID: 1722730
Article link: http://sikaile.net/guanlilunwen/ydhl/1722730.html