【摘要】：隨著這幾年移動互聯(lián)網(wǎng)的快速發(fā)展,智能手機(jī)的快速普及,尤其是Android平臺的智能手機(jī)市場占有率逐年遞增。由于Android平臺自身特性和市場特性,也使得目前在Android平臺上軟件的惡意行為給用戶帶來巨大損失。因此,Android平臺軟件行為研究是大勢所趨。針對PC和WEB的軟件行為研究已經(jīng)日益成熟,而Android平臺較PC端在軟件、硬件方面都存在差異,因此,Android平臺軟件行為相關(guān)研究有必要進(jìn)行專門研究。目前,針對軟件行為相關(guān)研究,國內(nèi)外已進(jìn)行了大量工作。有基于特征代碼的檢測、基于行為檢測的方法�；谛袨闄z測的方法根據(jù)是否運(yùn)行應(yīng)用程序又可分為靜態(tài)檢測和動態(tài)檢測。靜態(tài)檢測方式原理簡單,識別方式較為簡單,有很多弊端。因此,主要研究動態(tài)檢測,在動態(tài)檢測的研究中,可以分為應(yīng)用級檢測和系統(tǒng)級檢測。傳統(tǒng)應(yīng)用級檢測沒有考慮到系統(tǒng)環(huán)境因素,也會面臨一部分特征代碼檢測遇到的問題。而傳統(tǒng)系統(tǒng)級檢測多數(shù)情況下會對系統(tǒng)內(nèi)核進(jìn)行更改,使系統(tǒng)不穩(wěn)定,并且大部分研究都是分析既定規(guī)則沒有對評判規(guī)則進(jìn)行機(jī)器學(xué)習(xí)、參數(shù)優(yōu)化的過程。因此,本文要做的是從動態(tài)檢測著手,對系統(tǒng)運(yùn)行時的環(huán)境數(shù)據(jù)進(jìn)行挖掘,在不破壞Android系統(tǒng)內(nèi)核層的穩(wěn)定性前提下,找出系統(tǒng)環(huán)境數(shù)據(jù)背后隱藏的應(yīng)用程序行為,并使得監(jiān)測模型隨著不斷檢測可以實(shí)現(xiàn)自我修正,逐漸提高識別準(zhǔn)確率。論文主要進(jìn)行了以下工作:1)定義不同軟件行為,對其采樣大量的系統(tǒng)環(huán)境數(shù)據(jù),進(jìn)行聚類量化,生成單一屬性數(shù)據(jù)的特征序列集合。2)對多個維度屬性特征數(shù)據(jù)進(jìn)行編碼,生成系統(tǒng)環(huán)境數(shù)據(jù)特征綜合起來的時間序列。3)對不同軟件行為下的編碼序列的碼元出現(xiàn)的頻率進(jìn)行統(tǒng)計,以此作為隱馬爾科夫模型建模的初始發(fā)射矩陣來進(jìn)行隱馬爾科夫模型建模。4)對系統(tǒng)環(huán)境數(shù)據(jù)的特征序列,使用建立好的隱馬爾可夫模型對后續(xù)行為產(chǎn)生的系統(tǒng)環(huán)境數(shù)據(jù)進(jìn)行隱馬爾科夫估值計算,從而實(shí)現(xiàn)對后續(xù)行為的識別,同時在后續(xù)識別過程中不斷優(yōu)化模型。5)通過實(shí)驗(yàn)對比的方式驗(yàn)證該方法具有一定有效性。通過對系統(tǒng)環(huán)境數(shù)據(jù)的綜合分析建立隱馬爾科夫模型進(jìn)行軟件行為識別的方式比傳統(tǒng)方式有一定優(yōu)越性,也為Android平臺軟件安全性研究提供基礎(chǔ)研究。
[Abstract]:With the rapid development of mobile Internet in recent years, the rapid popularity of smart phones, especially the Android platform's smartphone market share has increased year by year. Because of its own characteristics and market characteristics of the Android platform, the malicious behavior of the software on the Android platform has brought huge losses to the users. Therefore, the Android platform software line The research is the trend of the situation. The research of software behavior for PC and WEB has become more mature, and the Android platform is different from the software and hardware. Therefore, the research on the behavior related to the Android platform software is necessary. At present, a lot of work has been carried out at home and abroad for the research on software behavior. The method of behavior detection based on behavior detection. The method based on behavior detection can be divided into static detection and dynamic detection based on whether the application program is running or not. The principle of static detection is simple, the recognition method is simple and there are many disadvantages. Therefore, the main research of dynamic detection can be divided into application level in the research of dynamic detection. Detection and system level detection. The traditional application level detection does not take into account the system environment factors, but also faces some characteristic code detection problems. While the traditional system level detection will change the system kernel in most cases, make the system unstable, and most of the research is the analysis of the established rules that do not carry out the evaluation rules. The process of learning and parameter optimization, therefore, this article is to start from dynamic detection, mining the environment data of the system running, without destroying the stability of the Android kernel layer, to find out the hidden application behavior behind the system environment data, and make the monitoring model self repair with constant detection. In this paper, the recognition accuracy is gradually improved. The main work of this paper is as follows: 1) defining different software behavior, sampling a large number of system environment data, clustering and quantifying, generating the feature sequence set.2 of single attribute data. Sequence.3) the frequency of encoding sequence in different software behavior is counted, as the initial emission matrix of the hidden Markoff model to model the implicit Markoff model to model.4) the characteristic sequence of the system environmental data, and the system environment number produced by the established hidden Markov model for the subsequent behavior is used. According to the calculation of hidden Markov estimation, the recognition of follow-up behavior is realized, and the model.5 is continuously optimized in the follow-up identification process. The method is proved to be effective through experimental comparison. By the comprehensive analysis of the system environmental data, the hidden Marco model is established to carry out the way of software behavior recognition. The unified method has some advantages, and also provides a basic research for the software security research of Android platform.
【學(xué)位授予單位】：昆明理工大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP316;TP311.5

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 李海生;黃媛潔;宋璇;杜軍平;陳國潤;丁富強(qiáng);;手機(jī)基站定位數(shù)據(jù)可視分析[J];大數(shù)據(jù);2017年01期

2 徐利敏;魏翔;;Android平臺說話人認(rèn)證系統(tǒng)的并行計算與設(shè)計[J];計算機(jī)工程與應(yīng)用;2017年03期

3 秦中元;徐毓青;梁彪;張群芳;黃杰;;一種Android平臺惡意軟件靜態(tài)檢測方法[J];東南大學(xué)學(xué)報(自然科學(xué)版);2013年06期

4 郭小芳;李鋒;;多元時間序列聚類算法分析[J];河南師范大學(xué)學(xué)報(自然科學(xué)版);2012年06期

5 卜哲;徐子先;;基于Android系統(tǒng)的智能終端軟件行為分析方法[J];信息網(wǎng)絡(luò)安全;2012年03期

6 朱連江;馬炳先;趙學(xué)泉;;基于輪廓系數(shù)的聚類有效性分析[J];計算機(jī)應(yīng)用;2010年S2期

7 ;A malware detection model based on a negative selection algorithm with penalty factor[J];Science China(Information Sciences);2010年12期

8 曾永紅;俞利;;歸一化積相關(guān)算法的精度優(yōu)化策略研究[J];微計算機(jī)信息;2010年16期

9 孟憲蘋;宋菲;李俊;;基于序列模式挖掘的入侵檢測系統(tǒng)的研究[J];計算機(jī)技術(shù)與發(fā)展;2008年03期

10 周東清,張海鋒,張紹武,胡祥培;基于HMM的分布式拒絕服務(wù)攻擊檢測方法[J];計算機(jī)研究與發(fā)展;2005年09期

相關(guān)博士學(xué)位論文 前2條

1 蘆天亮;基于人工免疫系統(tǒng)的惡意代碼檢測技術(shù)研究[D];北京郵電大學(xué);2013年

2 吳義堅(jiān);基于隱馬爾科夫模型的語音合成技術(shù)研究[D];中國科學(xué)技術(shù)大學(xué);2006年

相關(guān)碩士學(xué)位論文 前5條

1 周帆;基于安卓內(nèi)存的證據(jù)挖掘與關(guān)聯(lián)分析[D];南京郵電大學(xué);2016年

2 任杰麟;基于SNS的威客平臺關(guān)鍵技術(shù)的研究與應(yīng)用[D];西南石油大學(xué);2015年

3 王進(jìn)磊;基于移動云計算的學(xué)習(xí)資源管理與平臺構(gòu)建[D];河南師范大學(xué);2014年

4 朱曦;基于改進(jìn)K均值聚類的證券時間序列奇異點(diǎn)研究[D];昆明理工大學(xué);2013年

5 劉超;Android異常檢測系統(tǒng)的研究與實(shí)現(xiàn)[D];北京交通大學(xué);2013年

，

本文編號：2136260