基于静态污点分析的Android应用隐私泄露检测研究与实现
发布时间:2019-01-05 11:27
【摘要】:近年来,Android智能手机发展十分迅速,但是Android系统的开源性以及应用商城对新发布软件检查力度的薄弱,导致Android平台上的恶意软件日渐增长,单纯依靠病毒分析人员手工处理已经无法满足海量样本的要求。在常见的敏感行为中,用户敏感数据泄露尤为突出,轻则造成移动设备编号的泄露,重则造成账号密码的泄露。因此,论文从APK功能分类和检测量化两个方向对静态检测进行研究,并将研究结果应用于APK文件静态检测系统的设计和实现。论文总结静态分析的特点,结合静态污点传播技术,将APK文件按照实际运行功能进行分类,并根据分类配置分析过程中所需要的SOURCE和SINK文件,使静态分析更具有针对性,减少内存和时间消耗。其次,设计了敏感值计算模型。在分类的基础上,统计各个功能分类中待检测敏感调用的使用频率,并以此为数据基础计算敏感调用的敏感值、敏感路径的敏感值以及APK文件整体的敏感值。最后,在以上两点理论的基础上,论文实现了一个完整的检测系统。为了更有效的提炼出已经检测到的隐私泄露问题,论文设计出一套能够快速定位所被检测APK文件特性的报表。通过报表,用户能够直观的看到关于检测到的敏感路径的描述,以及对文件敏感性的数值估计。系统测试和分析表明该静态检测系统提高了检测准确率并降低了检测时间。
[Abstract]:In recent years, Android smartphones have developed very rapidly, but the open source of Android system and the weak check of newly released software by application mall have led to the increasing malware on Android platform. Simply relying on virus analysts manual processing has been unable to meet the requirements of a large number of samples. In the common sensitive behavior, the sensitive data leakage of the user is especially prominent, which causes the leakage of the mobile device number and the password of the account. Therefore, this paper studies static detection from two aspects of APK function classification and quantification, and applies the research results to the design and implementation of APK file static detection system. This paper summarizes the characteristics of static analysis, combines the static stain propagation technology, classifies the APK files according to the actual running function, and according to the SOURCE and SINK files needed in the process of classification and configuration analysis, makes the static analysis more targeted. Reduce memory and time consumption. Secondly, the sensitive value calculation model is designed. On the basis of the classification, the frequency of the sensitive calls to be detected in each functional classification is counted, and the sensitive values of the sensitive calls, the sensitive paths and the whole sensitive values of the APK files are calculated on the basis of the data. Finally, on the basis of the above two theories, a complete detection system is implemented. In order to extract the detected privacy disclosure problem more effectively, this paper designs a set of report forms which can locate the detected APK file characteristics quickly. Through the report, the user can visualize the description of the detected sensitive path and the numerical estimation of the sensitivity of the file. The system test and analysis show that the static detection system improves the detection accuracy and reduces the detection time.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2016
【分类号】:TP309;TP316
本文编号:2401725
[Abstract]:In recent years, Android smartphones have developed very rapidly, but the open source of Android system and the weak check of newly released software by application mall have led to the increasing malware on Android platform. Simply relying on virus analysts manual processing has been unable to meet the requirements of a large number of samples. In the common sensitive behavior, the sensitive data leakage of the user is especially prominent, which causes the leakage of the mobile device number and the password of the account. Therefore, this paper studies static detection from two aspects of APK function classification and quantification, and applies the research results to the design and implementation of APK file static detection system. This paper summarizes the characteristics of static analysis, combines the static stain propagation technology, classifies the APK files according to the actual running function, and according to the SOURCE and SINK files needed in the process of classification and configuration analysis, makes the static analysis more targeted. Reduce memory and time consumption. Secondly, the sensitive value calculation model is designed. On the basis of the classification, the frequency of the sensitive calls to be detected in each functional classification is counted, and the sensitive values of the sensitive calls, the sensitive paths and the whole sensitive values of the APK files are calculated on the basis of the data. Finally, on the basis of the above two theories, a complete detection system is implemented. In order to extract the detected privacy disclosure problem more effectively, this paper designs a set of report forms which can locate the detected APK file characteristics quickly. Through the report, the user can visualize the description of the detected sensitive path and the numerical estimation of the sensitivity of the file. The system test and analysis show that the static detection system improves the detection accuracy and reduces the detection time.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2016
【分类号】:TP309;TP316
【参考文献】
相关期刊论文 前2条
1 秦中元;徐毓青;梁彪;张群芳;黄杰;;一种Android平台恶意软件静态检测方法[J];东南大学学报(自然科学版);2013年06期
2 彭智俊;张源;杨珉;;用静态信息流分析检测Android应用中的日志隐患[J];小型微型计算机系统;2013年06期
相关硕士学位论文 前1条
1 王舒;基于逆向工程的Android恶意代码的研究实现与预防[D];电子科技大学;2013年
,本文编号:2401725
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2401725.html
