發(fā)布時間：2018-08-29 15:11

【摘要】：隨著智能手機的高度普及和手機性能的增強,人們各式各樣的信息也逐漸從PC端轉(zhuǎn)移到了手機端。目前最流行的智能手機為Android手機,這是由于其具有開源的平臺和良好的接口。這種開放性使得Android平臺廣受各大廠商和用戶的追捧,但是這也給Android平臺帶來巨大安全威脅。手機勒索軟件就是最具代表性的一種安全威脅。這種流氓軟件通過鎖屏或加密文件的方式使用戶不能正常的訪問自己的設(shè)備或文件,并以此為籌碼向用戶勒索解鎖或解密的費用。針對這種Android勒索軟件,本文提出了一種主動實時的檢測方法,能在用戶失去對設(shè)備或文件的控制權(quán)之前,檢測并消除勒索軟件惡意行為的危害。首先,本文對Android勒索軟件樣本進(jìn)行了詳細(xì)的分析,并對其特征進(jìn)行了總結(jié),發(fā)現(xiàn)這些惡意應(yīng)用存在以下特征:顯示勒索信息、鎖定手機屏幕、加密用戶文件。然后,根據(jù)Android勒索軟件這些特征,對Android勒索軟件主動實時檢測方法進(jìn)行設(shè)計。檢測方法分為三個階段,分別是應(yīng)用過濾、靜態(tài)特征分析和動態(tài)行為實時監(jiān)控,這三個階段分別實現(xiàn)了對應(yīng)用捕捉過濾、勒索文本與鎖屏策略檢測和加密行為檢測。最后,本文對Android勒索軟件的主動實時方法進(jìn)行實現(xiàn),并使用收集到的675個勒索軟件樣本和9238個正常應(yīng)用,通過三個實驗對系統(tǒng)進(jìn)行全面的測試。測試實驗顯示,本系統(tǒng)在檢測勒索軟件方面有很高的準(zhǔn)確性和很低的誤報率。同時系統(tǒng)在移動設(shè)備上資源消耗低,具有很高的實用性。
[Abstract]:With the popularity of smart phones and the enhancement of mobile phone performance, all kinds of information is gradually transferred from PC to mobile phone. The most popular smartphone is the Android phone, due to its open source platform and good interface. This kind of openness makes the Android platform popular with the major manufacturers and users, but it also brings a huge security threat to the Android platform. Mobile blackmail software is the most representative of a security threat. This kind of rogue software can not access their equipment or files normally by locking screen or encrypting files, and it is used as a bargaining chip to extort the cost of unlocking or decrypting. For this Android blackmail software, this paper proposes an active real-time detection method, which can detect and eliminate the harm of malicious behavior of extortion software before the user loses control of the device or file. Firstly, this paper analyzes the sample of Android extortion software in detail, and summarizes its features. It is found that these malicious applications have the following characteristics: displaying extortion information, locking the mobile phone screen, and encrypting user files. Then, according to the characteristics of Android blackmail software, the active real-time detection method of Android blackmail software is designed. The detection method is divided into three stages: application filtering, static feature analysis and real-time monitoring of dynamic behavior. These three phases implement application capture filtering, extortion text and screen locking strategy detection and encryption behavior detection respectively. Finally, this paper implements the active real-time method of Android blackmail software, and uses the collected 675 samples of extortion software and 9238 normal applications to test the system through three experiments. The test results show that the system has high accuracy and low false alarm rate in detecting extortion software. At the same time, the system has low resource consumption and high practicability on mobile devices.
【學(xué)位授予單位】：武漢大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP316;TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 林耕宇;;觀摩50名Google Android程序開發(fā)競賽作品[J];電子與電腦;2008年08期

2 樹子;;Android中文版不完全體驗[J];互聯(lián)網(wǎng)天地;2009年04期

3 Jason Whitmire;;產(chǎn)業(yè)軟件專家如何協(xié)助解決Android的分裂困境[J];電子與電腦;2010年02期

4 蔣彬;;10款A(yù)ndroid手機必備應(yīng)用——Android操作系下的軟件評測[J];微電腦世界;2010年04期

5 ;PCWorld Windows Phone 7挑戰(zhàn)Android 毅然崛起的AndroidⅠ洗心革面的Windows Phone 7[J];微電腦世界;2010年08期

6 韓青;;Android平臺發(fā)展的動力與挑戰(zhàn)[J];中國電子商情(基礎(chǔ)電子);2010年09期

7 方智勇;;Android手機這樣用[J];電腦迷;2010年15期

8 缺少浪漫;;Android的另一面[J];電腦迷;2010年13期

9 ;ZTE and Three Release Android ，

本文編號：2211586