Security Analysis Method for Android Applications Based on Sensitive Path Recognition
[Abstract]: With the rapid improvement of mobile phone hardware and of mobile network quality, mobile phones are widely used in daily life. Their popularity has led to a prosperous mobile application market, but it has also brought a large number of malicious applications. Compared with iOS, Android is more open and has many third-party markets with inadequate audit mechanisms, which exposes the Android platform to more malicious applications. Android security is closely watched by Android users, and the detection of malicious Android applications has become a hot research topic.

There are four main methods for detecting malicious applications: feature-based methods, static analysis, dynamic analysis and machine learning. Feature-based methods are the more traditional approach and are limited by the library that records the signatures of malicious applications. Static analysis has high coverage but cannot handle dynamic loading and similar techniques. Dynamic analysis has a high detection cost and low execution-path coverage. The results of machine learning methods depend on which applications are selected for the data set. Each of the four basic methods has its own shortcomings, and combining them to detect malicious applications is the current trend in this field. This thesis presents a security analysis method for Android applications based on sensitive path recognition, which uses the sensitive paths in an application as its features.

Firstly, for malicious behaviors and their triggering conditions in malicious applications, we propose the concept of sensitive paths. Sensitive behaviors are the API functions subject to permission checks and the functions related to dynamic loading, and the corresponding sensitive trigger is the precondition for the sensitive behavior to occur. If there is no user-interaction-related behavior on the execution path leading to the sensitive behavior, the entry point of the execution path is regarded as the sensitive trigger of the behavior. Otherwise, the user interaction function that directly leads to the execution of the sensitive behavior is regarded as the sensitive trigger. A sensitive path therefore indicates both the sensitive behavior and the action that triggers it.

Secondly, the FlowDroid tool is used to obtain the function call graph of the application. Combined with the Intent Filters in the Manifest file, the Intent parameters defined in the application are analyzed to build the function call relationships between the components of the application, which completes the construction of the inter-component function call graph.

Thirdly, the extracted sensitive path information cannot be used directly. To extract the characteristics of sensitive paths, we propose an abstract feature extraction method. For sensitive triggers, the trigger functions are divided into three categories: hardware triggers, user triggers and system triggers. Sensitive behaviors are divided according to the permissions required by the API functions.

Finally, we collected 493 APK files from Google Play, Peapod, Drebin and other sources, carried out experiments on the data set composed of these applications, and posed three research questions: the effectiveness of the method, the influence of different sensitive path descriptions on the results, and the influence of APK file size in the data set on the results. The experimental results show that the detection accuracy of the proposed method is higher than that of traditional methods, that high-level sensitive path descriptions can improve analysis efficiency but affect detection accuracy, and that APK file size has a certain impact on the detection results.
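The sensitive-path extraction described in the abstract, shown as an added example (not code from the thesis): it walks a call graph from entry points to sensitive APIs, picks the sensitive trigger of each path, and reduces each path to an abstract (trigger category, behavior) feature. The call graph, the API-to-permission table, the callback name sets and all function names are constructed assumptions; the thesis builds its graph with FlowDroid and Intent Filter analysis.

```python
# Added illustration: every graph edge, table entry and name below is constructed.
CALL_GRAPH = {  # caller -> callees, including one inter-component (Intent) edge
    "MainActivity.onCreate": ["MainActivity.initUi"],
    "MainActivity$1.onClick": ["UploadService.onStartCommand"],  # via Intent
    "UploadService.onStartCommand": ["Uploader.collect"],
    "Uploader.collect": ["TelephonyManager.getDeviceId", "Uploader.send"],
    "Uploader.send": ["SmsManager.sendTextMessage"],
    "BootReceiver.onReceive": ["Loader.run"],
    "Loader.run": ["DexClassLoader.loadClass"],
    "ShakeListener.onSensorChanged": ["Uploader.send"],
}
SENSITIVE_APIS = {  # sensitive API -> abstract label (permission or dynamic load)
    "TelephonyManager.getDeviceId": "READ_PHONE_STATE",
    "SmsManager.sendTextMessage": "SEND_SMS",
    "DexClassLoader.loadClass": "DYNAMIC_LOAD",
}
USER_CALLBACKS = {"onClick", "onLongClick", "onTouch"}         # assumed set
HARDWARE_CALLBACKS = {"onSensorChanged", "onLocationChanged"}  # assumed set

def trigger_category(node):
    name = node.rsplit(".", 1)[1]  # method name without its class
    if name in USER_CALLBACKS:
        return "user"
    return "hardware" if name in HARDWARE_CALLBACKS else "system"

def entry_points(graph):
    called = {c for callees in graph.values() for c in callees}
    return sorted(n for n in graph if n not in called)  # never called = entry

def sensitive_paths(graph, path=None):
    """Yield cycle-free call paths from each entry point to a sensitive API."""
    if path is None:
        for entry in entry_points(graph):
            yield from sensitive_paths(graph, [entry])
    elif path[-1] in SENSITIVE_APIS:
        yield path
    else:
        for callee in graph.get(path[-1], []):
            if callee not in path:
                yield from sensitive_paths(graph, path + [callee])

def sensitive_trigger(path):
    """Nearest user-interaction function before the behavior, else the entry."""
    users = [n for n in path[:-1] if trigger_category(n) == "user"]
    return users[-1] if users else path[0]

def abstract_features(graph):
    """Reduce every sensitive path to (trigger category, behavior label)."""
    return sorted({(trigger_category(sensitive_trigger(p)), SENSITIVE_APIS[p[-1]])
                   for p in sensitive_paths(graph)})
```
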
[Degree-granting institution]: Nanjing University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309; TP316
Miao Xiaochuan (繆小川); Security Analysis Method for Android Applications Based on Sensitive Path Recognition [D]; Nanjing University; 2016
Article ID: 2185886
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2185886.html