本文選題：安卓惡意應用 + 敏感路徑��； 參考：《軟件學報》2017年09期

【摘要】：安卓系統(tǒng)在手機端操作系統(tǒng)中長期占據(jù)主導地位,但由于安卓系統(tǒng)開放共享的特性和不夠嚴謹?shù)牡谌绞袌鰧徍藱C制,安卓平臺受到眾多惡意應用的侵擾.結合靜態(tài)程序分析和機器學習方法,提出了基于敏感路徑識別的安卓應用安全性分析方法.首先,針對惡意應用中存在的惡意行為以及觸發(fā)條件,定義了敏感路徑;其次,針對安卓應用中存在大量組件間函數(shù)調用關系問題,提出了一種生成應用組件間函數(shù)調用關系圖的方法;再次,由于提取出的敏感路徑信息無法直接作為識別特征,實現(xiàn)了一種基于敏感路徑信息抽象的特征提取方法;最后,從Google Play、豌豆莢、Drebin等來源收集了493個應用APK文件作為實驗數(shù)據(jù)集,該方法的準確率為97.97%,高于基于API-Feature的檢測方法(90.47%).此外,在惡意應用和良性應用檢測的精度、召回率、F度量等方面,該方法均優(yōu)于API-Feature方法.另外,實驗結果表明:APK文件大小會影響實驗的結果,尤其體現(xiàn)在分析時間上(0~4MB大小的APK平均分析用時89s;文件增大后,平均分析用時增長明顯).
[Abstract]:Android has long dominated the mobile operating system, but the Android platform has been plagued by malicious applications because of its open and shared nature and its lack of rigorous third-party market auditing. Combined with static program analysis and machine learning, a security analysis method for Android applications based on sensitive path recognition is proposed. Firstly, a sensitive path is defined for malicious behavior and trigger conditions in malicious applications; secondly, there are a large number of function call relationships among components in Android applications. This paper proposes a method to generate function call graph between components. Thirdly, because the extracted sensitive path information can not be used as recognition feature directly, a feature extraction method based on the abstraction of sensitive path information is implemented. 493 APK files were collected from Google Playand Pea pod Drebin as experimental data sets. The accuracy of this method is 97.97, which is higher than that of API-feature based detection method (90.47%). In addition, this method is superior to the API-feature method in the detection accuracy, recall rate and F metric of malicious and benign applications. In addition, the experimental results show that the size of the 1: APK file will affect the results of the experiment, especially in the analysis time (the average analysis time of the APK with the size of 0 ~ 4MB is 89s; the average analysis time increases obviously when the file increases).
【作者單位】： 計算機軟件新技術國家重點實驗室(南京大學);南京大學計算機科學與技術系;南京郵電大學計算機學院;
【基金】：國家重點基礎研究發(fā)展計劃(973)(2014CB340702) 國家自然科學基金(61272080,91418202,61403187)~~
【分類號】：TP309;TP316
，

本文編號：2060526