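Research on Malware Detection for the Android Platform
Published: 2018-05-19 01:20
Topic: Android + malware; Source: University of Electronic Science and Technology of China, 2016 master's thesis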
[Abstract]: In recent years, with the rapid development of the mobile Internet, smart terminal devices have become widespread, and Android in particular has become the operating system with the largest share of the mobile market. While Android brings great convenience, it also brings significant security risks. The Android security model and permission model are very open, some mobile app markets lack effective review of the apps that users upload, and mobile users themselves tend to lack security awareness and knowledge, so Android easily becomes a target for attackers. Malicious behaviors include information theft, malicious fee deduction, tariff consumption, system damage, remote control, deception and fraud, malicious propagation, and rogue behavior. Faced with an increasingly large and varied body of mobile applications, how to organize, manage and detect them effectively has therefore become an urgent problem. This thesis takes Android applications as its research object and mainly studies the security architecture of the Android platform and the techniques for analyzing and detecting malware. For the security architecture, it studies the security mechanisms of the Linux kernel layer and the security mechanisms specific to Android, such as process sandbox isolation, permission control, and inter-process communication, and it examines in detail the classification and operating mechanisms of malware. For malware analysis and detection, it studies and analyzes the basic characteristics, advantages and disadvantages of static analysis and dynamic analysis, and on that basis presents a malware detection scheme suited to the Android platform, comprising malware sample analysis, extraction of malicious behavior features, and a malware detection model based on those features, together with experimental validation. A prototype malware detection system is designed and implemented.

In addition, the thesis extracts features from applications by combining static analysis with dynamic analysis and, based on machine learning theory and methods, proposes a three-layer hybrid system algorithm to classify Android apps. Finally, the detection effectiveness of the scheme is analyzed with data and experiments. The experimental results show that the model has good accuracy and low false positive and false negative rates.
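[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP316; TP309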
Article ID: 1908081
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/1908081.html