基于Snort的安卓手机安全管理研究与实现

发布时间：2018-05-26 12:40

本文选题：安卓 + 模式匹配　；参考：《中国海洋大学》2014年硕士论文

【摘要】：日益强大的手机功能，一方面允许用户处理更多的信息；另一方面也增加了手机泄密的风险。同时，人们利用手机上网也增加了感染病毒的风险。联网功能的日益发展，导致了对手机入侵的增加。与普通电脑相比，智能手机的信息安全防范能力弱，非法窃取用户信息更加容易。威胁的数量和种类都在快速增加。手机病毒的危险性比电脑病毒的危险性大的多，毕竟手机中毒可能带来巨额话费损失。中国手机用户总数已经超过10亿，智能手机用户更是增长快速，其中，安卓智能手机发展极为迅速，确保手机信息安全非常重要，入侵检测系统应运而生。 Snort是美国Sourcefire公司开发的一个轻量级网络入侵检测系统，目前在Windows、Linux系统当中应用良好，AC以及AC-BNFA匹配算法为其常用多模式的匹配算法，这些算法内存占用较大且速度慢。本文提出一种新的模式匹配算法，通过进行状态转换使自动机状态减少，在确保检测率的同时加快匹配速率，减少内存占用量，提高入侵检测系统的检测效率。本文首先介绍安卓架构，开发环境搭建以及开发关键技术，其中关键技术包括安卓四大组件当中的活动、服务、接收器，以及安卓数据库、适配器等，通过关键代码展示、特点描述等阐述此安全系统基础技术。其次，论述基于Snort的安卓手机安全管理的需求分析，并对五大基本模块，防盗设置模块、备份恢复模块、隐私地带模块、本地数据模块以及系统工具模块进行概述。再次，研究改进WM多模式匹配算法，提出TWM多模式匹配算法，一定程度上提高检测速度。再次，本文提出新的入侵检测系统多模式匹配算法，通过改进的多模式匹配算法，，无需比较新符号串与树，仅比较前一符号串，结合Snort优势，确保检测准确率，同时减少内存占用，提高检测速度。最后，进行试验验证，搭建演示系统，通过与相关系统进行对比，得出结果。
[Abstract]:The growing power of mobile phones allows users to process more information and increases the risk of cell phone leaks. At the same time, people use mobile phones to access the Internet also increased the risk of infection with the virus. With the development of network functions, the number of mobile phone intrusions is increasing. Compared with ordinary computers, smart phones have less information security and it is easier to illegally steal information from users. The number and variety of threats are increasing rapidly. Cell phone viruses are far more dangerous than computer viruses. After all, cell phone poisoning can cost a lot of money. The total number of mobile phone users in China has exceeded 1 billion, and the number of smartphone users is growing rapidly. Among them, Android smartphones are developing very quickly, so it is very important to ensure the security of mobile phone information, and intrusion detection system emerges as the times require. Snort is a lightweight network intrusion detection system developed by American Sourcefire Company. At present, good AC and AC-BNFA matching algorithms are used in Windows Linux system. These algorithms occupy large memory and slow speed. In this paper, a new pattern matching algorithm is proposed, which can reduce the state of automata by state conversion, accelerate the matching rate while ensuring the detection rate, reduce the amount of memory occupied, and improve the detection efficiency of intrusion detection system. This paper first introduces the Android architecture, development environment and development key technologies, including the four components of Android activities, services, receivers, as well as Android database, adapters, and so on, through the key code presentation. The basic technology of this security system is described. Secondly, the requirement analysis of Android mobile phone security management based on Snort is discussed, and the five basic modules, anti-theft setting module, backup and recovery module, privacy zone module, local data module and system tool module are summarized. Thirdly, the improved WM multi-pattern matching algorithm is studied, and the TWM multi-pattern matching algorithm is proposed to improve the detection speed to some extent. Thirdly, this paper proposes a new multi-pattern matching algorithm for intrusion detection system. Through the improved multi-pattern matching algorithm, there is no need to compare the new symbol string and tree, only compare the former symbol string, combined with the advantages of Snort, to ensure the detection accuracy. At the same time, reduce the memory consumption, improve the speed of detection. Finally, the experimental verification, the establishment of a demonstration system, through the comparison with the relevant systems, the results are obtained.
【学位授予单位】：中国海洋大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP311.52

【参考文献】