Research on Android Malicious Code Detection Based on Ensemble Learning
Published: 2018-08-24 10:02
[Abstract]: In recent years, with the rapid development of technology, mobile smart terminals running mainly the Android operating system have become an indispensable part of everyone's life. More and more personal data is therefore stored on these terminals, and once that data leaks it poses a serious threat to users' privacy and property. As malicious applications have proliferated, the major security vendors have made Android security protection a key research focus and have achieved some results. However, lured by the huge profits of the grey-market industry chain, the self-protection, anti-detection and anti-analysis techniques of malicious code are also developing rapidly, which greatly hinders Android security research. Studying detection algorithms that identify malicious Android applications is therefore particularly important, and an effective detection mechanism can effectively safeguard users' privacy and property. Based on an analysis of current Android malicious code detection techniques at home and abroad, this thesis proposes an Android malicious code detection mechanism based on ensemble learning, built on both dynamic and static detection. The main contents are as follows: (1) The Android system architecture, the APK structure and the application runtime mechanism are studied; current methods for identifying malicious Android applications are analyzed and organized; and current static and dynamic detection schemes for malicious Android applications are compared. (2) Through analysis of traditional static Android malicious code detection algorithms, an Android malicious code detection algorithm based on the dendritic cell algorithm (DCA) is proposed. The algorithm uses the Dalvik assembly code inside the Android application package file and dangerous API calls as features to implement static feature detection of Android malicious code. (3) Through study of traditional dynamic Android malicious code detection algorithms, a dynamic detection algorithm based on a co-occurrence matrix of system service calls is proposed. The algorithm avoids problems that static detection runs into, such as polymorphism and code obfuscation, and detects malicious Android applications dynamically by examining the sequence of system service calls at runtime. (4) Based on these results, an Android malicious code detection system based on ensemble learning is proposed. The system combines the complementary strengths of the dynamic and static detection methods, and improves the stability and detection efficiency of the system through an ensemble learning algorithm based on rotation forest. In addition to the theoretical study of the algorithms, an experimental simulation environment was built to test 750 malicious Android applications obtained from AndroMalShare and 1250 benign applications obtained from Google Play, and a detection rate of 99.3% was obtained with an ensemble size of L20.
[Degree-granting institution]: Tianjin University of Technology
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP309; TP316
Article ID: 2200474
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2200474.html