【摘要】：Android系統以其開源的特點,很快成為市場占有率最高的智能手機操作平臺,同時也引來了惡意攻擊者的關注,安全問題日益突出。因此,針對Android系統惡意行為檢測與安全防護方法的研究具有十分重要的現實意義。在傳統的安全防護方法中,只針對形式上的單個應用程序加以防護,不能對邏輯上的惡意應用有良好的防護效果,如權限提升攻擊。針對目前Android安全防護方法研究現狀,本文將攻擊圖模型引入到Android安全防護方法中,結合權限提升攻擊的原理,構建提權攻擊圖。利用提權攻擊圖,直觀的展現了各Android應用中風險組件之間潛在的調用關系。通過PageRank算法量化每個節(jié)點所具有的風險值,并對PageRank算法進行了改進,提出了一種基于多路徑和敏感權限的改進算法MPageRank。MPageRank對PageRank進行了兩方面的改進:(1)結合權限提升攻擊中,通常采用多條路徑發(fā)起攻擊的實際情況,提出基于多路徑的改進算法GPageRank。與均勻分配權值的PageRank算法相比,GPageRank算法根據節(jié)點的出度,非分均勻的獲得不同比重的權值,使得提權攻擊圖中節(jié)點風險值的分配更具有針對性。(2)在GPageRank算法的基礎上,根據擴展的權限中,權限敏感程度的不同,提出了基于多路徑和敏感權限的改進算法MPageRank。在MPageRank算法中通過為不同級別的權限賦予不同的敏感值,減少了不敏感的權限對風險值計算的干擾,進一步提高了風險值的準確性和可信性。同時,將提權攻擊圖作為Android權限提升攻擊防護模型的核心,設計安全防護模型。通過計算組件之間調用序列的風險值,對具有較高風險的調用序列進行攔截。最后,本文通過Genymotion Android虛擬機設備,驗證了安全防護模型的有效性,并以正確率、誤報率和漏報率作為評價標準,對PageRank、GPageRank和MPageRank三個算法進行性能測試。實驗結果表明,通過MPageRank計算提權攻擊圖中節(jié)點的風險值,在正確率、誤報率和漏報率三個方面都優(yōu)于算法PageRank、GPageRank,能夠對Android權限提升攻擊給予更好的防護。
[Abstract]:With its open source features, Android system has quickly become the largest smartphone operating platform with the highest market share. Meanwhile, it has attracted the attention of malicious attackers, and the security problem is becoming increasingly prominent. Therefore, the research of malicious behavior detection and security protection in Android system is of great practical significance. In the traditional security protection method, only a single application in form is protected, but not the logical malicious application, such as privilege escalation attack. In view of the current research situation of Android security protection method, this paper introduces the attack graph model into the Android security protection method, combines the principle of privilege enhancement attack, constructs the lifting right attack graph. By using the weighted attack graph, the potential call relationship between the risk components in each Android application is displayed intuitively. The risk value of each node is quantified by PageRank algorithm, and the PageRank algorithm is improved. This paper proposes an improved algorithm MPageRank.MPageRank based on multipath and sensitive authority to improve PageRank in two aspects: (1) in combination with the actual situation of multi-path attack, we usually use multiple paths to launch an attack. An improved algorithm GPageRank. based on multipath Compared with the PageRank algorithm with uniform weight distribution, the GPageRank algorithm obtains the weights of different weights according to the node outlier, which makes the allocation of the node risk value in the weighted attack graph more targeted. (2) on the basis of GPageRank algorithm, According to the difference of authority sensitivity in extended permissions, an improved algorithm MPageRank. based on multipath and sensitive permissions is proposed. In the MPageRank algorithm, by assigning different sensitive values to different levels of permissions, the interference of insensitive permissions to the calculation of risk values is reduced, and the accuracy and credibility of risk values are further improved. At the same time, the attack graph is regarded as the core of the Android privilege enhancement attack protection model, and the security protection model is designed. By calculating the risk value of call sequence between components, the call sequence with high risk is intercepted. Finally, the validity of the security protection model is verified by Genymotion Android virtual machine, and the performance tests of PageRank,GPageRank and MPageRank are carried out using the correct rate, false alarm rate and false alarm rate as the evaluation criteria. The experimental results show that the MPageRank algorithm is better than the algorithm PageRank,GPageRank, in protecting the Android privilege enhancement attack in three aspects: correct rate, false alarm rate and false alarm rate.
【學位授予單位】：哈爾濱工程大學
【學位級別】：碩士
【學位授予年份】：2016
【分類號】：TP316;TP309

【參考文獻】

相關期刊論文 前10條

1 賀菲菲;賀炎;齊靜娜;;移動搜索結果過濾技術的研究[J];物聯網技術;2015年10期

2 趙光澤;李暉;孟楊;;Android平臺WebView組件安全及應用加固研究[J];信息網絡安全;2015年10期

3 董超;楊超;馬建峰;張俊偉;;Android系統中第三方登錄漏洞與解決方案[J];計算機學報;2016年03期

4 賈同彬;蔡陽;王躍武;高能;;一種面向普通用戶的Android APP安全性動態(tài)分析方法研究[J];信息網絡安全;2015年09期

5 朱佳偉;喻梁文;關志;陳鐘;;Android權限機制安全研究綜述[J];計算機應用研究;2015年10期

6 楊晶;金偉信;吳作順;;基于Android系統的權限管理優(yōu)化方案研究[J];電子質量;2015年03期

7 徐劍;武爽;孫琦;周福才;;面向Android應用程序的代碼保護方法研究[J];信息網絡安全;2014年10期

8 徐冰泉;張源;楊珉;;GrantDroid:一種支持Android權限即時授予的方法[J];計算機應用與軟件;2014年08期

9 張金鑫;楊曉輝;;基于權限分析的Android應用程序檢測系統[J];信息網絡安全;2014年07期

10 包佳敏;胡愛群;;Android系統文件監(jiān)聽技術的研究[J];信息網絡安全;2014年03期

，

本文編號：2368385