【摘要】：近年來(lái),Android智能手機(jī)日益普及,伴隨著3G、4G網(wǎng)絡(luò)的興起和發(fā)展,智能手機(jī)已經(jīng)成為了人們?nèi)粘９ぷ�、生活必不可少的部分。智能手機(jī)實(shí)現(xiàn)了網(wǎng)上支付、網(wǎng)上理財(cái)?shù)裙δ�。智能手機(jī)功能越強(qiáng)大,潛在危機(jī)越多。而不法分子正是看到了這些潛在危機(jī),著手謀取利益,企圖盜竊用戶隱私信息及錢財(cái),惡意軟件則充當(dāng)了這些不法分子的犯罪工具。Android系統(tǒng)的開(kāi)源性也助長(zhǎng)了惡意軟件的產(chǎn)生,給用戶帶來(lái)安全問(wèn)題。本文在充分研究惡意軟件行為特征以及當(dāng)前惡意軟件檢測(cè)方法的基礎(chǔ)上,提出了基于隱Markov模型的Android系統(tǒng)惡意行為檢測(cè)方法。在檢測(cè)的方式上選擇了以軟件行為作為檢測(cè)要素的動(dòng)態(tài)檢測(cè)方法,避免了其他惡意軟件檢測(cè)方法的不斷更新惡意代碼庫(kù)問(wèn)題,同時(shí)也可以對(duì)未知的惡意軟件進(jìn)行檢測(cè)。在檢測(cè)內(nèi)容上本文的研究注重于短信、電話、網(wǎng)絡(luò)、位置信息,這些都給用戶的隱私構(gòu)成了較大的威脅。檢測(cè)模型采用了基于隱Markov模型,利用評(píng)估方法實(shí)現(xiàn)對(duì)惡意軟件的判斷。同時(shí)利用隱Markov模型良好的學(xué)習(xí)能力,實(shí)現(xiàn)了機(jī)器自主學(xué)習(xí)的功能。通過(guò)不斷的學(xué)習(xí)來(lái)提高對(duì)惡意軟件判斷的準(zhǔn)確性。在實(shí)現(xiàn)檢測(cè)方法中,本文建立了以用戶判斷為基礎(chǔ)的檢測(cè)模型。在模型參數(shù)選擇時(shí),為了體現(xiàn)用戶使用習(xí)慣,在平衡對(duì)惡意行為檢測(cè)的效率和對(duì)系統(tǒng)資源的占用這兩個(gè)因素的前提下,本文選取了若干能夠反映用戶使用習(xí)慣的行為參數(shù)來(lái)建立模型�？紤]到智能手機(jī)硬件配置的局限性,為了降低對(duì)系統(tǒng)資源的占用率,實(shí)現(xiàn)了輕量級(jí)的惡意行為檢測(cè)軟件。本系統(tǒng)的亮點(diǎn)如下:1.模型的參數(shù)不需要通過(guò)第三方的分析軟件來(lái)獲得,僅借助于Android系統(tǒng)自身的廣播機(jī)制和優(yōu)良的框架層監(jiān)控體系來(lái)實(shí)現(xiàn)參數(shù)的獲取。2.基于Android系統(tǒng)的廣播機(jī)制來(lái)實(shí)現(xiàn)軟件行為獲取,實(shí)現(xiàn)了系統(tǒng)不用常駐后臺(tái)運(yùn)行,只有收到相關(guān)廣播時(shí)才啟動(dòng)。3.在判斷模型中,除了系統(tǒng)自動(dòng)判斷還加入了用戶的判斷:設(shè)立黑白名單,不僅提高了在判斷惡意行為時(shí)的效率,也提高了檢測(cè)方法的靈活性,同時(shí)還降低了對(duì)系統(tǒng)資源的占用率。系統(tǒng)最后進(jìn)行了測(cè)試,應(yīng)用正常短信軟件與可以在后臺(tái)發(fā)送指定短信的惡意程序進(jìn)行對(duì)比測(cè)試,測(cè)試結(jié)果表明系統(tǒng)能夠識(shí)別出區(qū)別于用戶使用習(xí)慣的惡意行為,達(dá)到了預(yù)期的效果。
[Abstract]:In recent years, Android smartphone is becoming more and more popular. With the rise and development of 3G 4G network, smart phone has become an indispensable part of people's daily work and life. Smart phone to achieve online payment, online financing and other functions. The more powerful the smartphone, the more potential crises. And the lawbreakers saw these potential crises, set out to seek profits, and attempted to steal user privacy information and money. Malware, on the other hand, served as a criminal tool for these criminals. The open source of the Android system also contributed to the production of malicious software. Bring security problems to users. Based on the study of malicious software behavior characteristics and current malware detection methods, this paper proposes a malicious behavior detection method for Android system based on hidden Markov model. In the way of detection, the dynamic detection method based on software behavior is chosen to avoid the problem of updating the malicious code base of other malware detection methods, and at the same time, it can detect unknown malware. In the detection of content, this paper focuses on SMS, telephone, network, location information, which pose a great threat to the privacy of users. The detection model is based on the hidden Markov model and the evaluation method is used to judge the malware. At the same time, the function of machine autonomous learning is realized by using the good learning ability of hidden Markov model. Through continuous learning to improve the accuracy of malware judgment. In the implementation of the detection method, the detection model based on user judgment is established. In the selection of model parameters, in order to reflect the usage habits of users, under the premise of balancing the efficiency of malicious behavior detection and the occupation of system resources, In this paper, we select some behavior parameters that can reflect the usage habits of users to build the model. Considering the limitations of smart phone hardware configuration, a lightweight malicious behavior detection software is implemented in order to reduce the utilization of system resources. The highlights of the system are as follows: 1. The parameters of the model do not need to be obtained by the analysis software of the third party, but only by the broadcast mechanism of the Android system and the excellent framework layer monitoring system to obtain the parameters. 2. The broadcast mechanism based on Android system realizes the acquisition of software behavior. It realizes that the system does not need to live in the background to run. In the judgment model, in addition to the automatic judgment of the system, users' judgment is added: the establishment of black-and-white lists not only improves the efficiency in judging malicious acts, but also enhances the flexibility of detection methods. At the same time, the utilization rate of system resources is reduced. Finally, the system is tested, using the normal SMS software and the malicious program which can send the specified SMS in the background. The test results show that the system can recognize the malicious behavior which is different from the user's usage habits. The expected effect has been achieved.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP316;TP274

【參考文獻(xiàn)】

相關(guān)期刊論文 前8條

1 馮博;戴航;慕德俊;;Android惡意軟件檢測(cè)方法研究[J];計(jì)算機(jī)技術(shù)與發(fā)展;2014年02期

2 胡文君;趙雙;陶敬;馬小博;陳亮;;一種針對(duì)Android平臺(tái)惡意代碼的檢測(cè)方法及系統(tǒng)實(shí)現(xiàn)[J];西安交通大學(xué)學(xué)報(bào);2013年10期

3 劉偉;孫其博;;Android平臺(tái)惡意軟件行為模式研究[J];軟件;2012年11期

4 王瑋;;基于Android系統(tǒng)的惡意程序原理分析[J];信息網(wǎng)絡(luò)安全;2012年10期

5 童振飛;楊庚;;Android平臺(tái)惡意軟件的靜態(tài)行為檢測(cè)[J];江蘇通信;2011年01期

6 蔡羅成;;Android后臺(tái)監(jiān)聽(tīng)實(shí)現(xiàn)機(jī)制淺析[J];信息安全與通信保密;2010年06期

7 王志國(guó);侯銀濤;石榮剛;;Android智能手機(jī)系統(tǒng)的文件實(shí)時(shí)監(jiān)控技術(shù)[J];計(jì)算機(jī)安全;2009年12期

8 管云濤;段海新;;自動(dòng)的惡意代碼動(dòng)態(tài)分析系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[J];小型微型計(jì)算機(jī)系統(tǒng);2009年07期

相關(guān)會(huì)議論文 前1條

1 楊衛(wèi)軍;秦海權(quán);王鵬;;Android移動(dòng)應(yīng)用軟件檢測(cè)平臺(tái)[A];第27次全國(guó)計(jì)算機(jī)安全學(xué)術(shù)交流會(huì)論文集[C];2012年

相關(guān)碩士學(xué)位論文 前8條

1 呂曉慶;Android軟件動(dòng)態(tài)行為監(jiān)測(cè)系統(tǒng)的設(shè)計(jì)和實(shí)現(xiàn)[D];北京郵電大學(xué);2013年

2 劉超;Android異常檢測(cè)系統(tǒng)的研究與實(shí)現(xiàn)[D];北京交通大學(xué);2013年

3 劉偉;基于行為模式的Android平臺(tái)入侵檢測(cè)系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];北京郵電大學(xué);2013年

4 王菲飛;基于Android平臺(tái)的手機(jī)惡意代碼檢測(cè)與防護(hù)技術(shù)研究[D];北京交通大學(xué);2012年

5 左玲;基于Android惡意軟件檢測(cè)系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];電子科技大學(xué);2012年

6 李佳;Android平臺(tái)惡意軟件檢測(cè)評(píng)估技術(shù)研究[D];北京郵電大學(xué);2012年

7 路程;Android平臺(tái)惡意軟件檢測(cè)系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];北京郵電大學(xué);2012年

8 劉澤衡;基于Android智能手機(jī)的安全檢測(cè)系統(tǒng)的研究與實(shí)現(xiàn)[D];哈爾濱工業(yè)大學(xué);2011年

，

本文編號(hào)：2220996