本文選題：廣告插件 + 安全分析　； 參考：《北京郵電大學(xué)》2016年碩士論文

【摘要】：隨著移動互聯(lián)網(wǎng)產(chǎn)業(yè)快速發(fā)展,Android移動智能終端的普及,移動應(yīng)用創(chuàng)新不斷,移動應(yīng)用內(nèi)容已覆蓋人們生活的各個方面。用戶對移動應(yīng)用的需求,使得更多開發(fā)人員加入應(yīng)用開發(fā)的行列,也使得通過移動應(yīng)用嵌入廣告并通過廣告分成獲得收益的商業(yè)模式大為流行。并且隨著移動應(yīng)用廣告的產(chǎn)業(yè)規(guī)模不斷擴(kuò)大,移動應(yīng)用廣告面臨的安全風(fēng)險凸顯。一些移動應(yīng)用廣告存在一些安全性問題,如流量消耗、惡意扣費、隱私竊取等問題,所以很有必要對應(yīng)用中廣告插件的安全性進(jìn)行分析并對應(yīng)用中的廣告插件進(jìn)行檢測。論文首先對目前的廣告插件的研究現(xiàn)狀進(jìn)行總結(jié)分析,并從廣告插件的安全性和廣告插件檢測兩個方面分別作了分析。針對廣告插件的安全分析方面的研究,現(xiàn)階段主要集中在權(quán)限使用、函數(shù)調(diào)用的分析上,而且許多研究只針對其中某一項進(jìn)行分析,缺少對廣告插件安全性的全面分析。本文則針對廣告插件的安全漏洞與風(fēng)險、用戶信息收集、權(quán)限使用、及其他不良行為等方面進(jìn)行了全面的分析。最后根據(jù)分析結(jié)果,針對廣告插件的檢測總結(jié)提出了一種基于文件詞數(shù)特征的檢測思路。通過調(diào)研現(xiàn)有的廣告插件檢測方法,其中主要包括基于白名單的方式和基于語義分析并結(jié)合機(jī)器學(xué)習(xí)的方式,本文在分析這兩種方法優(yōu)缺點的基礎(chǔ)上,并結(jié)合了安全的分析結(jié)果,提出了一種基于反編譯數(shù)字序列的廣告插件檢測方法。該方法首先反編譯待檢測的應(yīng)用,對反編譯獲得的每個文件進(jìn)行詞數(shù)統(tǒng)計并記錄下文件的路徑信息,再根據(jù)廣告包名的形式和路徑信息對應(yīng)用模塊進(jìn)行劃分,可獲得每個模塊的詞數(shù)序列,并以此為特征借助機(jī)器學(xué)習(xí)的方法實現(xiàn)對廣告插件的檢測。這些詞數(shù)序列特征在一定程度上能夠避免獲取語義特征不足的情況,同時也能解決白名單方法中抗混淆的不足。通過實驗對比,結(jié)果表明,該特征在檢測廣告插件方面具有很好的性能,具有更高的準(zhǔn)確率。所以根據(jù)這種方法設(shè)計并實現(xiàn)了針對廣告插件檢測的系統(tǒng)。最后該系統(tǒng)實現(xiàn)了針對廣告插件的精確檢測。
[Abstract]:With the rapid development of mobile Internet industry and the popularity of Android mobile intelligent terminals, mobile applications are innovating constantly, and the content of mobile applications has covered all aspects of people's lives. Users' demand for mobile applications makes more developers join the ranks of application development. It also makes the business models which embed advertisements through mobile applications and get profits from advertising become popular. And with the continuous expansion of mobile application advertising industry, mobile application advertising security risks are highlighted. There are some security problems in some mobile application advertisements, such as traffic consumption, malicious charge deduction, privacy theft and so on. Therefore, it is necessary to analyze the security of advertising plug-in in the application and to detect the advertisement plug-in in the application. Firstly, this paper summarizes and analyzes the current research status of advertising plug-in, and analyzes the security of advertising plug-in and the detection of advertising plug-in respectively. The research on the security analysis of advertisement plug-in is mainly focused on the analysis of permission and function call at present, and many researches only focus on one of them, which is lack of comprehensive analysis of the security of advertising plug-in. This paper makes a comprehensive analysis of the security vulnerabilities and risks of advertising plug-ins, user information collection, access to authority, and other bad behavior. Finally, according to the analysis results, a new method based on the feature of file word number is proposed for the detection of advertisement plug-in. By investigating the existing methods of advertising plug-in detection, including whiteling-based approach and semantic analysis combined with machine learning, this paper analyzes the advantages and disadvantages of these two methods. Combined with the result of security analysis, a method of advertisement plug-in detection based on decompiler digital sequence is proposed. The method first decompiled the application to be detected, counted the number of words and recorded the path information of each file, then divided the application modules according to the form and path information of the advertisement package name. The word sequence of each module can be obtained, and based on this feature, the advertisement plug-in can be detected by the method of machine learning. To some extent, these word sequence features can avoid the lack of semantic features and solve the problem of anti-confusion in the whitelist method. The experimental results show that the feature has better performance and higher accuracy in the detection of advertising plug-ins. According to this method, the system of advertisement plug-in detection is designed and implemented. Finally, the system realizes the accurate detection of advertising plug-in.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2016
【分類號】：TP316;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前4條

1 翟世俊;姚一楠;;移動互聯(lián)網(wǎng)安全發(fā)展趨勢及對策分析[J];移動通信;2015年11期

2 張玉清;王凱;楊歡;方U喚，

本文編號：1794813