
Dynamic Detection of Android Malware Based on Network Behavior Analysis

Published: 2018-04-03 23:20

  Topic: Android security. Entry point: repackaged malware. Source: China University of Mining and Technology, master's thesis, 2017


[Abstract]: With the rapid development of smartphones, mobile applications with all kinds of functions now cover almost every aspect of daily life, making the smartphone an indispensable tool. While using these applications, people inevitably store personal private information on their phones, and this information has become a target coveted by attackers. In recent years Android, the most popular smartphone operating system, has become the main target of malware attacks. Such malware not only steals users' private data but also abuses system resources, disrupts normal use of the device and can even cause physical damage to it. Research on Android malware detection has consequently become one of the hot topics in information security in recent years. This thesis analyzes the shortcomings of existing Android malware detection schemes and, through study and research of Android security mechanisms, Android automated testing, Android software development and Python data analysis, designs a new dynamic detection scheme for Android malware based on network behavior analysis. The main results are as follows:

1. An automated black-box testing method for Android is designed. It combines two Android automated testing techniques, Robotium and Monkey: Monkey is used to automate ordinary key presses and touch operations in the application, while Robotium is used for precise automation of sensitive operations such as logging in to an account. This black-box testing method meets the needs of the dynamic detection scheme and achieves high coverage of sensitive operations.

2. An Android network monitoring application is developed. It runs on devices running the Android operating system; while monitoring, it captures network traffic information for all applications on the device, and when monitoring stops it saves the data locally in CSV format, which makes subsequent analysis convenient. Compared with other methods of obtaining Android application network traffic, it is more efficient and easier to deploy, needing only root permission on the operating system to carry out all monitoring operations.

3. An Android malware detection scheme based on network behavior analysis is proposed. The scheme automatically simulates various user operations on the application under test, uses the Android network monitoring tool to capture network behavior information during that process, filters out the data related to the application under test, and extracts IP address information as detection features. The designed anomaly detection method then determines whether the application's network behavior is anomalous, and hence whether the application is malware. Evaluation experiments show that the scheme detects repackaged Android malware with high accuracy.
[Degree-granting institution]: China University of Mining and Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP309;TP316


Article ID: 1707350


Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/1707350.html

