Research and System Implementation of Mobile Application Security Evaluation Technology Based on Behavior Monitoring
Published: 2018-11-26 12:26
[Abstract]: As mobile smart terminals have become rapidly widespread, mobile applications have also developed rapidly, and malicious applications are common among them. Malicious application developers insert malicious code into popular applications and publish them on third-party application markets and major forums, using these open platforms to spread them quickly. In addition, some applications that handle sensitive information also pose a threat to users' information security. The sensitive behaviors of malicious applications and the risks they create seriously threaten users' data security and property security. To address these problems, this thesis establishes a mobile application security evaluation system based on behavior monitoring, consisting of an evaluation module system and a corresponding rule base building module system; the thesis also implements the evaluation system and verifies its effectiveness. The main results are as follows: (1) The thesis first summarizes and analyzes the shortcomings of existing rule base building techniques and application evaluation techniques, analyzes and classifies the application programming interfaces (Application Programming Interface, API) of interest, and gives a preliminary definition of their risk. The proposed rule base building technique focuses on the implicit inheritance relationships between the API calls that objectively exist in applications, and uses transition probabilities to correct the manually defined risk coefficients. This avoids the incompleteness, inaccuracy and conjecture that arise in a manually built rule base when the builder's knowledge is incomplete, and provides an accurate rule base data set for evaluation. The proposed technique also breaks away from the currently widely used machine learning approach based on supervised learning, which raises the degree of automation of rule base building to some extent.
(2) The thesis analyzes the behavior sequence of an application's API calls, abstracts it as a directed graph, matches it against the rule graphs in the rule base, and evaluates the application's security according to the matching result. Using directed graphs greatly improves matching efficiency. In addition, to counter the anti-detection behavior of malicious applications, that is, adding redundant logic to evade matching and evaluation, the thesis proposes an evaluation algorithm that includes indirect matching: a behavior sequence that does not match directly but completely contains a rule graph receives risk-weighted processing, which ensures that nothing is counted twice and nothing is missed and keeps the evaluation result accurate. This evaluation method departs from existing evaluation approaches that rely mainly on expert opinion and differs from existing "black or white" evaluation methods; it objectively gives a quantitative evaluation result that characterizes how dangerous a mobile application's behavior is.
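[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309
Article ID: 2358555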
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2358555.html