面向Android平台权限提升攻击防护方法的研究
发布时间:2018-12-08 12:57
【摘要】:Android系统以其开源的特点,很快成为市场占有率最高的智能手机操作平台,同时也引来了恶意攻击者的关注,安全问题日益突出。因此,针对Android系统恶意行为检测与安全防护方法的研究具有十分重要的现实意义。在传统的安全防护方法中,只针对形式上的单个应用程序加以防护,不能对逻辑上的恶意应用有良好的防护效果,如权限提升攻击。针对目前Android安全防护方法研究现状,本文将攻击图模型引入到Android安全防护方法中,结合权限提升攻击的原理,构建提权攻击图。利用提权攻击图,直观的展现了各Android应用中风险组件之间潜在的调用关系。通过PageRank算法量化每个节点所具有的风险值,并对PageRank算法进行了改进,提出了一种基于多路径和敏感权限的改进算法MPageRank。MPageRank对PageRank进行了两方面的改进:(1)结合权限提升攻击中,通常采用多条路径发起攻击的实际情况,提出基于多路径的改进算法GPageRank。与均匀分配权值的PageRank算法相比,GPageRank算法根据节点的出度,非分均匀的获得不同比重的权值,使得提权攻击图中节点风险值的分配更具有针对性。(2)在GPageRank算法的基础上,根据扩展的权限中,权限敏感程度的不同,提出了基于多路径和敏感权限的改进算法MPageRank。在MPageRank算法中通过为不同级别的权限赋予不同的敏感值,减少了不敏感的权限对风险值计算的干扰,进一步提高了风险值的准确性和可信性。同时,将提权攻击图作为Android权限提升攻击防护模型的核心,设计安全防护模型。通过计算组件之间调用序列的风险值,对具有较高风险的调用序列进行拦截。最后,本文通过Genymotion Android虚拟机设备,验证了安全防护模型的有效性,并以正确率、误报率和漏报率作为评价标准,对PageRank、GPageRank和MPageRank三个算法进行性能测试。实验结果表明,通过MPageRank计算提权攻击图中节点的风险值,在正确率、误报率和漏报率三个方面都优于算法PageRank、GPageRank,能够对Android权限提升攻击给予更好的防护。
[Abstract]:With its open source features, Android system has quickly become the largest smartphone operating platform with the highest market share. Meanwhile, it has attracted the attention of malicious attackers, and the security problem is becoming increasingly prominent. Therefore, the research of malicious behavior detection and security protection in Android system is of great practical significance. In the traditional security protection method, only a single application in form is protected, but not the logical malicious application, such as privilege escalation attack. In view of the current research situation of Android security protection method, this paper introduces the attack graph model into the Android security protection method, combines the principle of privilege enhancement attack, constructs the lifting right attack graph. By using the weighted attack graph, the potential call relationship between the risk components in each Android application is displayed intuitively. The risk value of each node is quantified by PageRank algorithm, and the PageRank algorithm is improved. This paper proposes an improved algorithm MPageRank.MPageRank based on multipath and sensitive authority to improve PageRank in two aspects: (1) in combination with the actual situation of multi-path attack, we usually use multiple paths to launch an attack. An improved algorithm GPageRank. based on multipath Compared with the PageRank algorithm with uniform weight distribution, the GPageRank algorithm obtains the weights of different weights according to the node outlier, which makes the allocation of the node risk value in the weighted attack graph more targeted. (2) on the basis of GPageRank algorithm, According to the difference of authority sensitivity in extended permissions, an improved algorithm MPageRank. based on multipath and sensitive permissions is proposed. In the MPageRank algorithm, by assigning different sensitive values to different levels of permissions, the interference of insensitive permissions to the calculation of risk values is reduced, and the accuracy and credibility of risk values are further improved. At the same time, the attack graph is regarded as the core of the Android privilege enhancement attack protection model, and the security protection model is designed. By calculating the risk value of call sequence between components, the call sequence with high risk is intercepted. Finally, the validity of the security protection model is verified by Genymotion Android virtual machine, and the performance tests of PageRank,GPageRank and MPageRank are carried out using the correct rate, false alarm rate and false alarm rate as the evaluation criteria. The experimental results show that the MPageRank algorithm is better than the algorithm PageRank,GPageRank, in protecting the Android privilege enhancement attack in three aspects: correct rate, false alarm rate and false alarm rate.
【学位授予单位】:哈尔滨工程大学
【学位级别】:硕士
【学位授予年份】:2016
【分类号】:TP316;TP309
本文编号:2368385
[Abstract]:With its open source features, Android system has quickly become the largest smartphone operating platform with the highest market share. Meanwhile, it has attracted the attention of malicious attackers, and the security problem is becoming increasingly prominent. Therefore, the research of malicious behavior detection and security protection in Android system is of great practical significance. In the traditional security protection method, only a single application in form is protected, but not the logical malicious application, such as privilege escalation attack. In view of the current research situation of Android security protection method, this paper introduces the attack graph model into the Android security protection method, combines the principle of privilege enhancement attack, constructs the lifting right attack graph. By using the weighted attack graph, the potential call relationship between the risk components in each Android application is displayed intuitively. The risk value of each node is quantified by PageRank algorithm, and the PageRank algorithm is improved. This paper proposes an improved algorithm MPageRank.MPageRank based on multipath and sensitive authority to improve PageRank in two aspects: (1) in combination with the actual situation of multi-path attack, we usually use multiple paths to launch an attack. An improved algorithm GPageRank. based on multipath Compared with the PageRank algorithm with uniform weight distribution, the GPageRank algorithm obtains the weights of different weights according to the node outlier, which makes the allocation of the node risk value in the weighted attack graph more targeted. (2) on the basis of GPageRank algorithm, According to the difference of authority sensitivity in extended permissions, an improved algorithm MPageRank. based on multipath and sensitive permissions is proposed. In the MPageRank algorithm, by assigning different sensitive values to different levels of permissions, the interference of insensitive permissions to the calculation of risk values is reduced, and the accuracy and credibility of risk values are further improved. At the same time, the attack graph is regarded as the core of the Android privilege enhancement attack protection model, and the security protection model is designed. By calculating the risk value of call sequence between components, the call sequence with high risk is intercepted. Finally, the validity of the security protection model is verified by Genymotion Android virtual machine, and the performance tests of PageRank,GPageRank and MPageRank are carried out using the correct rate, false alarm rate and false alarm rate as the evaluation criteria. The experimental results show that the MPageRank algorithm is better than the algorithm PageRank,GPageRank, in protecting the Android privilege enhancement attack in three aspects: correct rate, false alarm rate and false alarm rate.
【学位授予单位】:哈尔滨工程大学
【学位级别】:硕士
【学位授予年份】:2016
【分类号】:TP316;TP309
【参考文献】
相关期刊论文 前10条
1 贺菲菲;贺炎;齐静娜;;移动搜索结果过滤技术的研究[J];物联网技术;2015年10期
2 赵光泽;李晖;孟杨;;Android平台WebView组件安全及应用加固研究[J];信息网络安全;2015年10期
3 董超;杨超;马建峰;张俊伟;;Android系统中第三方登录漏洞与解决方案[J];计算机学报;2016年03期
4 贾同彬;蔡阳;王跃武;高能;;一种面向普通用户的Android APP安全性动态分析方法研究[J];信息网络安全;2015年09期
5 朱佳伟;喻梁文;关志;陈钟;;Android权限机制安全研究综述[J];计算机应用研究;2015年10期
6 杨晶;金伟信;吴作顺;;基于Android系统的权限管理优化方案研究[J];电子质量;2015年03期
7 徐剑;武爽;孙琦;周福才;;面向Android应用程序的代码保护方法研究[J];信息网络安全;2014年10期
8 徐冰泉;张源;杨珉;;GrantDroid:一种支持Android权限即时授予的方法[J];计算机应用与软件;2014年08期
9 张金鑫;杨晓辉;;基于权限分析的Android应用程序检测系统[J];信息网络安全;2014年07期
10 包佳敏;胡爱群;;Android系统文件监听技术的研究[J];信息网络安全;2014年03期
,本文编号:2368385
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2368385.html
