Design and Implementation of a Controllable Botnet on the Android Platform
Published: 2019-01-03 16:56
[Abstract]: As the hardware performance and market share of Android phones continue to grow, more and more attackers are turning their attention to them. Reports of security problems on mobile devices are now commonplace and have drawn wide attention from researchers. This thesis studies controllable botnets on the Android platform in depth, examines how bot programs are implemented and how they operate, and discusses the control strategies of various kinds of botnets, in order to provide an attack platform for Android mobile security protection software.

The system is made controllable through three strategies: building an independent, isolated experimental environment, encrypting communication data, and having the bot program destroy itself automatically. Together these keep the system secure and harmless.

Based on the study and analysis of existing malicious code, the thesis implements two modules: a carrier application and a bot program. The bot program is hidden by code obfuscation inside a course management system that serves as the carrier application. The bot program has five functions: obtaining user information, sending SMS messages in the background, placing phone calls in the background, launching DDoS attacks against a specified IP, and data processing. The data processing module contains two submodules: user information upload and control command parsing.

A web server serves as the control end of the controllable Android botnet. Tornado, which supports asynchronous interactive access, is used as the server framework, and three modules are implemented: information display and command issuing, database design, and communication control. The information display and command issuing module handles controller login, display of information from controlled phones, and visual command issuing. The database module uses MongoDB to store user information and control commands in JSON format. The communication control module issues control commands through an improved polling mechanism based on the HTTP protocol.

The test results show that every functional module of the Android phone side and the web control end runs stably, and that controlled phones carry out the relevant functions according to the control commands. The carrier application containing the bot program also performed well in performance tests on each Android version. In a real environment the system also runs normally and achieves the expected results.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2399646
Article link: http://sikaile.net/guanlilunwen/ydhl/2399646.html