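Analyzing Android Application Security Using a Sensitive-Path Identification Method
Published: 2018-06-24 07:08
Topics: Android malicious applications + sensitive paths; Reference: Journal of Software (《软件学报》), 2017, Issue 09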
[Abstract]: Android has long held the dominant position among mobile operating systems, but because of its open, shared nature and insufficiently rigorous third-party market review mechanisms, the Android platform is plagued by numerous malicious applications. Combining static program analysis with machine learning, this paper proposes a security analysis method for Android applications based on sensitive-path identification. First, sensitive paths are defined with respect to the malicious behaviors present in malicious applications and their trigger conditions. Second, to address the large number of inter-component function call relationships in Android applications, a method is proposed for generating an application's inter-component function call graph. Third, because the extracted sensitive-path information cannot be used directly as recognition features, a feature extraction method based on abstracting sensitive-path information is implemented. Finally, 493 application APK files were collected from sources including Google Play, Wandoujia, and Drebin as the experimental dataset; the method's accuracy is 97.97%, higher than that of the API-Feature-based detection method (90.47%). The method also outperforms the API-Feature method in precision, recall, and F-measure for detecting both malicious and benign applications. In addition, the experimental results show that APK file size affects the results, particularly analysis time (APKs of 0~4MB take 89s on average to analyze; as file size grows, average analysis time increases markedly).
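[Author affiliations]: State Key Laboratory for Novel Software Technology (Nanjing University); Department of Computer Science and Technology, Nanjing University; School of Computer Science, Nanjing University of Posts and Telecommunications
[Funding]: National Basic Research Program of China (973 Program) (2014CB340702); National Natural Science Foundation of China (61272080, 91418202, 61403187)
[Classification number]: TP309; TP316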
Article ID: 2060526
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2060526.html