Detecting Android Interface Hijacking Attacks
Published: 2018-09-19 08:52
[Abstract]: Android interface hijacking is an attack that steals users' private information by hijacking the interface input stream while the user is interacting with the device. This paper first verifies experimentally that the attack works on several versions of Android, then analyzes the four essential features of malicious applications that contain interface hijacking attacks, and proposes AHDetector (activity hijacking detector), a static detection method based on code features and multi-component data flow tracking. AHDetector consists of four steps: (1) analyze the manifest configuration file to determine whether the application under test requests the sensitive permissions needed to send data off the device; (2) use code features to determine whether the application contains all three functional components that an interface hijacking attack requires: a background scanning component, a hijacking interface component, and a privacy exfiltration component; (3) analyze the call relationships between components to determine whether a component with scanning functionality calls a component that accepts interface input; (4) perform inter-component data flow analysis to determine whether private data is passed from the hijacking interface component to the privacy exfiltration component. The results of these steps determine whether the application under test contains an interface hijacking attack. To verify the detection performance of AHDetector, the paper designs and implements 18 samples covering all logical paths of the interface hijacking functional components to test the effectiveness of the method, and uses 4 app lock samples to test for false positives. The test results show that AHDetector effectively detects all interface hijacking attack behavior in the applications without false positives, whereas six common online malicious application detection platforms (Andrubis, VirusTotal, VisualThreat, 安全管家 (Security Manager) online detection, Tencent Security Lab online detection, and NetQin Security) cannot detect interface hijacking attack behavior.
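[Author affiliation]: School of Information Science and Engineering, Central South University
[Funding]: National Natural Science Foundation of China (61672543); Changsha Mobile Internet Industry Project (2015)
[Classification number]: TP316; TP309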
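A simplified sketch of the four-step decision described in the abstract, as an added example that is not AHDetector's own code. The outbound permission set, the role labels (assumed to be the output of the step 2 code-feature scan), and all component names are assumptions; both apps are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: permissions treated here as "able to send data off the device".
OUTBOUND_PERMS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

def outbound_permissions(manifest_xml):
    """Step 1: outbound-capable permissions requested in the manifest."""
    root = ET.fromstring(manifest_xml)
    asked = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return asked & OUTBOUND_PERMS

def reachable(edges, start):
    """Nodes reachable from start along directed edges (iterative DFS)."""
    seen, stack = set(), [start]
    while stack:
        for nxt in edges.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def detect_hijacking(app):
    """Return (verdict, reason); the app is flagged only if all four steps pass."""
    if not outbound_permissions(app["manifest"]):
        return False, "step 1: no outbound permission"
    # Step 2: roles are assumed to be pre-labelled by a code-feature scan.
    by_role = {}
    for comp, role in app["roles"].items():
        by_role.setdefault(role, set()).add(comp)
    scanners, uis, senders = (by_role.get(r, set()) for r in ("scanner", "input_ui", "exfil"))
    if not (scanners and uis and senders):
        return False, "step 2: missing a required component type"
    launched = {u for s in scanners for u in reachable(app["calls"], s) if u in uis}
    if not launched:
        return False, "step 3: scanner never starts the input UI"
    if not any(reachable(app["flows"], u) & senders for u in launched):
        return False, "step 4: UI input never reaches an exfil component"
    return True, "all four conditions hold"

MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
# Constructed samples: a hijacking app, and an app lock whose input never leaves the UI.
HIJACKER = {"manifest": MANIFEST, "roles": {"ScanService": "scanner", "FakeLogin": "input_ui", "Uploader": "exfil"},
            "calls": {"ScanService": ["FakeLogin"]}, "flows": {"FakeLogin": ["Uploader"]}}
APP_LOCK = {"manifest": MANIFEST, "roles": {"WatchService": "scanner", "LockScreen": "input_ui", "AdLoader": "exfil"},
            "calls": {"WatchService": ["LockScreen"]}, "flows": {}}
```

The app lock sample passes steps 1 to 3 and is cleared only by the data flow check in step 4, which is why the abstract uses app locks to test for false positives.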
Article ID: 2249649
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2249649.html