Research and System Implementation of Mobile Application Security Evaluation Technology Based on Behavior Monitoring
Published: 2018-11-26 12:26
[Abstract]: As mobile smart devices have become widespread, mobile applications have grown just as quickly, and many of them are malicious. Malicious developers insert malicious code into popular applications and publish the repackaged versions on third-party app markets and major forums, relying on these open platforms to spread them rapidly. In addition, some applications that handle sensitive information also pose a threat to users' information security. The sensitive behavior of malicious applications, and the risk it creates, already seriously threatens users' data and property. To address these problems, this thesis builds a mobile application security evaluation system based on behavior monitoring, consisting of an evaluation module and a corresponding rule-base construction module. The thesis also implements the system and verifies its effectiveness. The main results are as follows.

(1) The thesis first summarizes and analyzes the shortcomings of existing rule-base construction techniques and application evaluation techniques, analyzes and classifies the application programming interfaces (APIs) it is concerned with, and gives a preliminary definition of their risk. The proposed rule-base construction technique focuses on the implicit inheritance relationships between the API calls that objectively exist in applications, and uses transition probabilities to correct the manually defined risk coefficients. This avoids the incompleteness, inaccuracy and speculation that arise when a rule base is built by hand from its builder's incomplete knowledge, and gives the evaluation an accurate rule-base data set. The technique also departs from the supervised-learning approach to machine learning that is widely used at present, and to some extent raises the degree of automation of rule-base construction.

(2) The thesis analyzes the sequence of API calls made by an application, abstracts it as a directed graph, and matches it against the rule graphs in the rule base; the application's security is evaluated from the matching results. Using directed graphs greatly improves matching efficiency. In addition, to counter the anti-detection behavior of malicious applications, that is, adding redundant logic to evade matching and evaluation, the thesis proposes an evaluation algorithm that includes indirect matching: a behavior sequence that does not match a rule graph directly but fully contains it is given a risk-weighted score, so that nothing is counted twice or missed and the evaluation result stays accurate. This evaluation method moves away from existing approaches that rely mainly on expert opinion and differs from existing "black or white" methods: it gives an objective, quantitative result that characterizes how dangerous a mobile application's behavior is.
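The direct and indirect matching described in (2) can be sketched as follows. This is an added example, not code from the thesis: the rule base, the traces, the `INDIRECT_WEIGHT` value and the reading of "fully contains the rule graph" as path reachability between rule nodes are all assumptions made for illustration.

```python
from collections import deque

INDIRECT_WEIGHT = 0.8  # assumed weight; the abstract gives no value

# Constructed rule base: rule name -> (rule-graph edges, risk coefficient).
RULES = {
    "device_id_via_sms": ([("getDeviceId", "sendTextMessage")], 0.9),
    "contacts_upload": ([("ContentResolver.query", "URL.openConnection")], 0.7),
}

def build_graph(trace):
    """Edge a -> b whenever call b immediately follows call a in the trace."""
    graph = {}
    for a, b in zip(trace, trace[1:]):
        graph.setdefault(a, set()).add(b)
    return graph

def reachable(graph, src, dst):
    """True if dst is reachable from src over one or more edges (BFS)."""
    seen, queue = set(), deque(graph.get(src, ()))
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        if node not in seen:
            seen.add(node)
            queue.extend(graph.get(node, ()))
    return False

def match_rule(graph, edges):
    """'direct' if every rule edge is present as-is, 'indirect' if every rule
    edge is at least bridged by a path (padding calls in between), else None."""
    if all(b in graph.get(a, ()) for a, b in edges):
        return "direct"
    if all(reachable(graph, a, b) for a, b in edges):
        return "indirect"
    return None

def evaluate(trace, rules=RULES):
    """Return (quantitative score, {rule: match kind}); each rule counts once."""
    graph, score, hits = build_graph(trace), 0.0, {}
    for name, (edges, risk) in rules.items():
        kind = match_rule(graph, edges)
        if kind:
            hits[name] = kind
            score += risk if kind == "direct" else risk * INDIRECT_WEIGHT
    return round(score, 3), hits

# Constructed traces: the second pads the same behaviour with redundant calls.
DIRECT = ["getDeviceId", "sendTextMessage"]
PADDED = ["getDeviceId", "Log.d", "String.format", "sendTextMessage"]
print(evaluate(DIRECT), evaluate(PADDED))
```

The padded trace still scores against the rule, which is the property the indirect-matching step is meant to provide against inserted redundant logic.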
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309
Article ID: 2358555
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2358555.html