Android系统恶意代码检测与防御技术研究

发布时间：2018-04-02 04:28

本文选题：Android系统　切入点：恶意代码　出处：《山东师范大学》2017年硕士论文

【摘要】：当前移动网络的快速发展,尤其是当前的3G和4G网络的快速兴起,移动设备日益成为人们生活工作中必不可少的工具。移动终端的普遍使用带来了一系列的问题,特别是信息安全问题是目前最为关注的问题。移动通信终端设备的信息不受危害损失等问题时刻承受着考验。Android系统以其开源的优势备受各个移动设备厂商的青睐,从第一部Android系统智能机发布,仅仅两年的时间就占到了全球的48%的市场份额;到2016年4、5、6月份,Android系统手机在智能手机界已经达到了86.2%的比率。该比率远远把IOS(12.9%)、Windows Phone(0.6%)甩在后面。由此看见,Android系统的安全问题的重要性显而易见。本文在世界各国学者研究基础之上,结合当前的热点技术,对Android系统恶意代码检测与防御技术进行进一步研究。文章之初对Android系统恶意代码检测防御技术研究现状做了分析,分析了Android系统恶意代码现状与安全现状,以及该领域的研究成果。对该领域研究的困难与挑战分析说明。详细分析了系统Android层次体系结构,及其体系结构下的安全机制做了深入的分析。对目前流行的机器学习学科加一介绍,分析了学习定义、特征选取标准、分类算法、小样本统计理论等方面。最后根据Android系统恶意代码特点,提出基于类别SVM的Android系统恶意代码检测与防御技术。论文对基于类别SVM的Android系统恶意代码检测与防御技术方面做了理论说明并给出实现方案。借用目前机器学习学科的优势,结合Android系统恶意代码特点,选择了SVM机器学习算法。根据同一类别中APP中的具有相同的一组特征,如果该类中某一APP出现的特征与该组特征集异常,可以预测该APP中有恶意代码的存在。根据这一原理,进行方案设计,首先对Android系统APP进行人工干预分类,对数据进行反编译,选取权限和API两组特征集创建模型进行训练,选取SVM分类算法进行分析,最后对数据模型进行相关的评估,最后得出提出的方案优于其他的SVM机器学习检测技术的结论,证明了该项技术的可行性。目前学术界还没有系统的恶意APP样例数据库,本文的样例来自各大APP商城与知名网站作为测试数据,对相关的训练模型进行了测试。经实验评估验证,基于类别SVM的Android系统恶意代码检测与防御技术性能较好。方案符合预期的效果。
[Abstract]:With the rapid development of mobile networks, especially the rapid rise of 3G and 4G networks, mobile devices have increasingly become an indispensable tool in people's lives and work. The widespread use of mobile terminals has brought a series of problems. Especially, the problem of information security is the most concerned issue at present. The problems such as the information of mobile communication terminal devices are not damaged by harm, and so on. Android system is favored by various mobile device manufacturers because of its advantage of open source. Since the release of the first Android smartphone, it has accounted for 48% of the global market in just two years. By the end of June 2016, Android phones had reached a rate of 86.2 percent in the smartphone world. This ratio is far behind the IOS12.9Windows phone 0.6. This shows the importance of the Android system's security problems. This paper is based on the research of scholars around the world. Combined with the current hot spot technology, this paper makes further research on the malicious code detection and defense technology of Android system. At the beginning of this paper, the present research status of malicious code detection and defense technology in Android system is analyzed. This paper analyzes the present situation and security status of malicious code in Android system, as well as the research results in this field, analyzes the difficulties and challenges in this field, and analyzes the Android hierarchy architecture of the system in detail. The security mechanism under its architecture is deeply analyzed. The current popular machine learning disciplines are introduced, and the learning definition, feature selection criteria, classification algorithms are analyzed. Finally, according to the characteristics of malicious code in Android system, This paper puts forward the malicious code detection and defense technology of Android system based on class SVM. This paper explains the malicious code detection and defense technology of Android system based on class SVM and gives the implementation scheme. Based on the characteristics of malicious code in Android system, a SVM machine learning algorithm is selected. According to the same set of features in APP in the same class, if a APP in this class appears an exception to the set of features, The existence of malicious code in the APP can be predicted. According to this principle, the scheme design is carried out. Firstly, the Android system APP is classified manually, the data is decompiled, the permission is selected and two groups of API feature sets are created to train the model. The SVM classification algorithm is selected to analyze, and the data model is evaluated. Finally, the conclusion is drawn that the proposed scheme is superior to other SVM machine learning detection techniques. The feasibility of this technique has been proved. At present, there is no systematic malicious APP sample database in academic circles. The samples in this paper come from various APP stores and famous websites as test data. The related training model is tested. The experimental results show that the malicious code detection and defense technology of Android system based on class SVM has good performance and the scheme is in line with the expected results.
【学位授予单位】：山东师范大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP316;TP309

【参考文献】