Research on a Function-Call-Graph-Based Method for Detecting Repackaged Android Applications
Published: 2018-03-28 09:01
Topic: Android system; Focus: repackaging; Source: Beijing Jiaotong University, master's thesis, 2017
[Abstract]: In recent years, the openness of the Android platform and its good user experience have driven rapid growth in the number of Android applications. This has also attracted the attention of more and more malicious developers. Malicious developers modify applications in the market, for example by changing the ad library, modifying code, or inserting malicious code, and then repackage the modified applications and publish them to the market for profit. Repackaging not only infringes the rights of legitimate developers but also creates serious security risks for users, so detecting repackaged applications in the market is very important. Applications are currently analyzed mainly by static analysis and dynamic analysis. In response to the growing number of repackaged applications in third-party markets, and building on a study of existing methods, this thesis proposes a new function-call-graph-based method for detecting repackaged Android applications, which uses the similarity of function call graphs to determine the similarity of two applications. The main work of the thesis is as follows: (1) After studying and summarizing the static and dynamic analysis methods commonly used to detect repackaged Android applications, along with existing detection techniques in China and abroad, a repackaged-application detection method based on function call graphs is proposed. First, the application is decompiled and its Smali code extracted; the Smali code is analyzed to generate a function call graph, with the opcodes in each function recorded as the attributes of its node. Next, the function call graph is processed to filter out third-party libraries, such as system libraries and ad libraries, after which the APIs related to the user interface are retained. Finally, the function call graph is represented by structural subgraphs in the Motifs pattern, and the similarity of the applications is determined from the similarity of the subgraphs, which decides whether an application is repackaged. (2) Using the detection method designed in this thesis, 5500 applications from Android markets and 1500 malicious applications were tested. In total, 385 repackaged applications were detected in the Android markets, a detection rate of 96.5%, and 672 repackaged applications were detected among the 1500 malicious applications, a repackaging rate of 44.8%. The experimental results show that the method has high accuracy and good scalability.
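The pipeline outlined in the abstract, as an added Python sketch that is not code from the thesis: it builds a call graph from Smali text with each method's opcode sequence as the node attribute, drops library classes, and compares two apps by their structural motifs. The Smali samples, the `LIB_PREFIXES` list, the choice of motifs (call edges and 3-node call chains) and the Jaccard measure are assumptions, since the page does not give the thesis's own motif set or similarity formula; the UI-API retention step is left out.

```python
# Constructed Smali samples; REPACKED renames identifiers and bundles an ad library.
LIB_PREFIXES = ("Landroid/", "Ljava/", "Lcom/google/ads/")  # assumed filter list
ORIGINAL = """.class public Lcom/shop/Main;
.method public onCreate()V
    invoke-virtual {p0}, Lcom/shop/Main;->load()V
    return-void
.end method
.method load()V
    const/4 v0, 0x1
    invoke-virtual {p0}, Lcom/shop/Main;->parse()V
    return-void
.end method
.method parse()V
    return-void
.end method"""
AD_LIB = """.class Lcom/google/ads/Ad;
.method init()V
    invoke-static {}, Lcom/google/ads/Ad;->fetch()V
    return-void
.end method
.method fetch()V
    return-void
.end method"""
REPACKED = ORIGINAL.replace("Lcom/shop/Main;", "Lx/a;").replace("load", "b") + "\n" + AD_LIB

def call_graph(smali):
    """Method id -> (opcode list, callee set); opcodes are the node attribute."""
    graph, cls, cur = {}, None, None
    for tok in filter(None, map(str.split, smali.splitlines())):
        if tok[0] == ".class":
            cls = tok[-1]
        elif tok[0] == ".method":
            cur = graph.setdefault(f"{cls}->{tok[-1]}", ([], set()))
        elif cur and not tok[0].startswith((".", ":", "#")):  # skip directives, labels
            cur[0].append(tok[0])
            if tok[0].startswith("invoke-"):
                cur[1].add(tok[-1])  # call target: Lclass;->name(args)ret
    return graph

def motifs(graph, libs=LIB_PREFIXES):
    """Name-free edge and 3-node chain motifs over non-library methods."""
    sig = {m: tuple(ops) for m, (ops, _) in graph.items() if not m.startswith(libs)}
    edges = {(a, b) for a in sig for b in graph[a][1] if b in sig}
    found = {(sig[a], sig[b]) for a, b in edges}
    return found | {(sig[a], sig[b], sig[d]) for a, b in edges for c, d in edges if b == c}

def similarity(x, y):
    """Jaccard similarity of the two apps' motif sets."""
    mx, my = motifs(call_graph(x)), motifs(call_graph(y))
    return len(mx & my) / len(mx | my) if mx | my else 0.0
```

Because motifs are keyed on opcode sequences rather than names, `similarity(ORIGINAL, REPACKED)` is 1.0 despite the renaming; passing `libs=()` to `motifs` shows the extra motif the bundled ad library would otherwise contribute.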
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP316; TP309
Article ID: 1675644
Article link: http://sikaile.net/wenyilunwen/guanggaoshejilunwen/1675644.html