基于语义的Android敏感行为静态分析方法

发布时间：2018-01-27 04:20

本文关键词： Android 行为分析约束求解形式化描述　出处：《电子科技大学学报》2017年02期 　论文类型：期刊论文

【摘要】：提出一种基于语义的Android敏感行为静态分析方法。该方法首先基于样本统计结果,利用精简Dalvik指令集作为本文分析的中间语言,实现对指令层的形式化语义描述;之后,基于中间语言发现检测样本中的敏感调用,并通过控制依赖关系追溯调用路径;最后,在控制流分析基础上,对存在敏感调用的路径约束求解路径条件。最终求解出具体后台行为及触发条件,揭示出样本后台行为的执行全过程。该方法缓解了符号执行中的路径爆炸问题,实验验证了该方法可以有效地对移动应用后台行为进行分析,并及时获取特征检测无法发现的未知移动恶意应用程序。
[Abstract]:A semantic based static analysis method for Android sensitive behavior is proposed. Firstly, based on the statistical results of samples, the reduced Dalvik instruction set is used as the intermediate language in this paper. The formal semantic description of instruction layer is realized. After that, the sensitive calls in the sample are detected based on the intermediate language, and the call path is traced by controlling the dependency relationship. Finally, on the basis of the control flow analysis, the path conditions are solved for the path constraints with sensitive calls. Finally, the specific background behavior and trigger conditions are solved. The whole execution process of the sample background behavior is disclosed. This method alleviates the path explosion problem in the symbol execution, and the experimental results show that the method can effectively analyze the background behavior of mobile applications. And get features in time to detect the unknown mobile malicious application that can not be detected.
【作者单位】：北京邮电大学信息安全中心;国家计算机网络应急技术处理协调中心;
【基金】：国家自然科学基金(61302087) 国家科技支撑计划(2012BAH06B02) 教育部博士点基金(20120005110017)
【分类号】：TP309;TP316
【正文快照】： 近年来,在诸多移动平台中,针对Android平台的恶意程序比例迅速攀升,数量呈爆发式增长[1]。新增的移动恶意程序中,Android平台占据了绝大多数,增长率超过了33%,远远大于传统的桌面平台,从而导致移动应用安全形势异常严峻。基于终端的恶意程序的发展过程有着清晰的脉络。在Symbi

【相似文献】