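Research on Multi-Dimensional Detection of Obfuscated Malicious Applications on Android Mobile Terminals
Published: 2018-07-05 03:47
Topics: Android system + permission combinations; Source: Beijing University of Posts and Telecommunications, 2016 master's thesis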
[Abstract]: Detecting malicious applications on Android has long been a focus of mobile terminal security research. As protection techniques such as code obfuscation come into use, detecting malicious applications is becoming increasingly difficult. At the same time, most end users ignore the permissions an application requests, which lets malicious applications run even more rampant. To address the problem of Android security protection at its root, the academic community has carried out in-depth research on malware detection. Current detection of malicious Android applications mainly targets application behavior, and most studies extract features from only a single data source, so detection results are unsatisfactory. An effective detection scheme is therefore urgently needed to inspect and analyze applications and help end users find those that may cause security problems. Proposing an accurate and fast malicious application detection scheme for Android requires answering the following questions: How can existing methods be used and improved so that the scheme is better suited to computation on mobile devices? How can the influence of code protection techniques such as obfuscation be avoided as far as possible, so that the malicious features of Android applications are easy to extract, analyze and study? How can features be quantified in order to measure how malicious an application is? To address these questions, the main work of this thesis is as follows.

First, the thesis studies in detail the Android security mechanisms, important components, the Kirin protection policy and the Apex framework, analyzes the operating principles and development trends of mobile malicious applications, and analyzes the current mainstream methods for detecting malicious Android applications.

Second, by analyzing all permissions on today's Android system and studying the correlations between them, it obtains the related permission combinations that may leak user or device information and thereby cause system security problems. Through testing on a set of market applications, each combination is assigned a weight that represents its degree of danger.

Third, drawing on the study of the protection policy and framework, it modifies Android's original installer, PackageInstaller, to strengthen the analysis of requested permissions by evaluating them in combination, and displays the detection result as a number and a level, so that users have a better sense and grasp of an application's potential threat and can make a reasonable judgment.

Fourth, repackaging has become the main way in which malicious Android applications are produced. We propose a method that effectively detects repackaged malicious applications based on the content features of representative files. This method not only resists the effects of obfuscation but can also be used together with the related-permission detection method, further improving the accuracy of Android malicious application detection through multi-feature extraction.
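[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification numbers]: TP309; TP316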
Article number: 2098789
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2098789.html