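Research and Design of a Multi-Mode Android Platform Security Detection System
Published: 2018-03-30 00:13
Topic: Android platform; Focus: malware detection; Source: Beijing University of Technology, master's thesis, 2014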
[Abstract]: In recent years, with the rapid development of the mobile Internet and falling smartphone production costs, many computer functions have gradually migrated to the phone, making smartphones increasingly powerful. Compared with the PC (Personal Computer), smart terminals are lighter and closer to the user; they have gradually blended into people's daily work and life and become an indispensable part of it. While the portability of smartphones satisfies people's need to obtain information and socialize at any time, their growing adoption has also made them an important target for hackers and malware. Among smartphone platforms, Android is the most seriously threatened by malware.

This thesis takes the Android platform as its research object. By analyzing the security mechanisms of the Android operating system, it surveys current Android platform security solutions and the corresponding malware detection techniques. By analyzing and comparing the respective characteristics of mobile platforms and computers, and taking full account of the characteristics of the Android platform, it applies malware detection methods from the computer domain to Android and designs a permission-based malware detection method; by identifying users' differing requirements for security software and extending the scenarios in which security software is used, it designs a multi-mode Android platform security system model. The main work of this thesis includes:

(1) Design of a multi-mode Android platform security system model. The system accommodates the needs of different users and allows flexible switching between detection modes in different usage scenarios. It combines on-device detection, local PC-side detection and cloud detection, so that whichever detection mode the user adopts, the phone can be checked effectively.

(2) Design of a local PC-side detection mode based on ADB (Android Debug Bridge), which, without a network connection and without security software installed on the phone, transfers files from the phone to the PC for detection. This overcomes the drawback that traditional cloud-based security systems cannot be used when the phone cannot connect to the network.

(3) Decompilation of APKs using relevant tools, followed by generation of a static analysis report.

(4) For the system's main detection algorithm, a permission-based malware detection method is designed by studying Android's permission control mechanism and combining it with machine learning. Because resources on the phone are limited, PCA (Principal Component Analysis) is used for dimensionality reduction when the algorithm is applied on the phone; in that case the detection accuracy on unknown samples is 92.5% and the false positive rate is 7.5%. On the PC side no dimensionality reduction is performed; the detection accuracy on unknown samples is 94.05% and the false positive rate is 6%.
[Degree-granting institution]: Beijing University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08