Android平台动态恶意行为检测系统的设计与实现
发布时间:2018-09-03 19:50
【摘要】:近年来,Android智能手机日益普及,伴随着3G、4G网络的兴起和发展,智能手机已经成为了人们日常工作、生活必不可少的部分。智能手机实现了网上支付、网上理财等功能。智能手机功能越强大,潜在危机越多。而不法分子正是看到了这些潜在危机,着手谋取利益,企图盗窃用户隐私信息及钱财,恶意软件则充当了这些不法分子的犯罪工具。Android系统的开源性也助长了恶意软件的产生,给用户带来安全问题。本文在充分研究恶意软件行为特征以及当前恶意软件检测方法的基础上,提出了基于隐Markov模型的Android系统恶意行为检测方法。在检测的方式上选择了以软件行为作为检测要素的动态检测方法,避免了其他恶意软件检测方法的不断更新恶意代码库问题,同时也可以对未知的恶意软件进行检测。在检测内容上本文的研究注重于短信、电话、网络、位置信息,这些都给用户的隐私构成了较大的威胁。检测模型采用了基于隐Markov模型,利用评估方法实现对恶意软件的判断。同时利用隐Markov模型良好的学习能力,实现了机器自主学习的功能。通过不断的学习来提高对恶意软件判断的准确性。在实现检测方法中,本文建立了以用户判断为基础的检测模型。在模型参数选择时,为了体现用户使用习惯,在平衡对恶意行为检测的效率和对系统资源的占用这两个因素的前提下,本文选取了若干能够反映用户使用习惯的行为参数来建立模型。考虑到智能手机硬件配置的局限性,为了降低对系统资源的占用率,实现了轻量级的恶意行为检测软件。本系统的亮点如下:1.模型的参数不需要通过第三方的分析软件来获得,仅借助于Android系统自身的广播机制和优良的框架层监控体系来实现参数的获取。2.基于Android系统的广播机制来实现软件行为获取,实现了系统不用常驻后台运行,只有收到相关广播时才启动。3.在判断模型中,除了系统自动判断还加入了用户的判断:设立黑白名单,不仅提高了在判断恶意行为时的效率,也提高了检测方法的灵活性,同时还降低了对系统资源的占用率。系统最后进行了测试,应用正常短信软件与可以在后台发送指定短信的恶意程序进行对比测试,测试结果表明系统能够识别出区别于用户使用习惯的恶意行为,达到了预期的效果。
[Abstract]:In recent years, Android smartphone is becoming more and more popular. With the rise and development of 3G 4G network, smart phone has become an indispensable part of people's daily work and life. Smart phone to achieve online payment, online financing and other functions. The more powerful the smartphone, the more potential crises. And the lawbreakers saw these potential crises, set out to seek profits, and attempted to steal user privacy information and money. Malware, on the other hand, served as a criminal tool for these criminals. The open source of the Android system also contributed to the production of malicious software. Bring security problems to users. Based on the study of malicious software behavior characteristics and current malware detection methods, this paper proposes a malicious behavior detection method for Android system based on hidden Markov model. In the way of detection, the dynamic detection method based on software behavior is chosen to avoid the problem of updating the malicious code base of other malware detection methods, and at the same time, it can detect unknown malware. In the detection of content, this paper focuses on SMS, telephone, network, location information, which pose a great threat to the privacy of users. The detection model is based on the hidden Markov model and the evaluation method is used to judge the malware. At the same time, the function of machine autonomous learning is realized by using the good learning ability of hidden Markov model. Through continuous learning to improve the accuracy of malware judgment. In the implementation of the detection method, the detection model based on user judgment is established. In the selection of model parameters, in order to reflect the usage habits of users, under the premise of balancing the efficiency of malicious behavior detection and the occupation of system resources, In this paper, we select some behavior parameters that can reflect the usage habits of users to build the model. Considering the limitations of smart phone hardware configuration, a lightweight malicious behavior detection software is implemented in order to reduce the utilization of system resources. The highlights of the system are as follows: 1. The parameters of the model do not need to be obtained by the analysis software of the third party, but only by the broadcast mechanism of the Android system and the excellent framework layer monitoring system to obtain the parameters. 2. The broadcast mechanism based on Android system realizes the acquisition of software behavior. It realizes that the system does not need to live in the background to run. In the judgment model, in addition to the automatic judgment of the system, users' judgment is added: the establishment of black-and-white lists not only improves the efficiency in judging malicious acts, but also enhances the flexibility of detection methods. At the same time, the utilization rate of system resources is reduced. Finally, the system is tested, using the normal SMS software and the malicious program which can send the specified SMS in the background. The test results show that the system can recognize the malicious behavior which is different from the user's usage habits. The expected effect has been achieved.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP316;TP274
本文编号:2220996
[Abstract]:In recent years, Android smartphone is becoming more and more popular. With the rise and development of 3G 4G network, smart phone has become an indispensable part of people's daily work and life. Smart phone to achieve online payment, online financing and other functions. The more powerful the smartphone, the more potential crises. And the lawbreakers saw these potential crises, set out to seek profits, and attempted to steal user privacy information and money. Malware, on the other hand, served as a criminal tool for these criminals. The open source of the Android system also contributed to the production of malicious software. Bring security problems to users. Based on the study of malicious software behavior characteristics and current malware detection methods, this paper proposes a malicious behavior detection method for Android system based on hidden Markov model. In the way of detection, the dynamic detection method based on software behavior is chosen to avoid the problem of updating the malicious code base of other malware detection methods, and at the same time, it can detect unknown malware. In the detection of content, this paper focuses on SMS, telephone, network, location information, which pose a great threat to the privacy of users. The detection model is based on the hidden Markov model and the evaluation method is used to judge the malware. At the same time, the function of machine autonomous learning is realized by using the good learning ability of hidden Markov model. Through continuous learning to improve the accuracy of malware judgment. In the implementation of the detection method, the detection model based on user judgment is established. In the selection of model parameters, in order to reflect the usage habits of users, under the premise of balancing the efficiency of malicious behavior detection and the occupation of system resources, In this paper, we select some behavior parameters that can reflect the usage habits of users to build the model. Considering the limitations of smart phone hardware configuration, a lightweight malicious behavior detection software is implemented in order to reduce the utilization of system resources. The highlights of the system are as follows: 1. The parameters of the model do not need to be obtained by the analysis software of the third party, but only by the broadcast mechanism of the Android system and the excellent framework layer monitoring system to obtain the parameters. 2. The broadcast mechanism based on Android system realizes the acquisition of software behavior. It realizes that the system does not need to live in the background to run. In the judgment model, in addition to the automatic judgment of the system, users' judgment is added: the establishment of black-and-white lists not only improves the efficiency in judging malicious acts, but also enhances the flexibility of detection methods. At the same time, the utilization rate of system resources is reduced. Finally, the system is tested, using the normal SMS software and the malicious program which can send the specified SMS in the background. The test results show that the system can recognize the malicious behavior which is different from the user's usage habits. The expected effect has been achieved.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP316;TP274
【参考文献】
相关期刊论文 前8条
1 冯博;戴航;慕德俊;;Android恶意软件检测方法研究[J];计算机技术与发展;2014年02期
2 胡文君;赵双;陶敬;马小博;陈亮;;一种针对Android平台恶意代码的检测方法及系统实现[J];西安交通大学学报;2013年10期
3 刘伟;孙其博;;Android平台恶意软件行为模式研究[J];软件;2012年11期
4 王玮;;基于Android系统的恶意程序原理分析[J];信息网络安全;2012年10期
5 童振飞;杨庚;;Android平台恶意软件的静态行为检测[J];江苏通信;2011年01期
6 蔡罗成;;Android后台监听实现机制浅析[J];信息安全与通信保密;2010年06期
7 王志国;侯银涛;石荣刚;;Android智能手机系统的文件实时监控技术[J];计算机安全;2009年12期
8 管云涛;段海新;;自动的恶意代码动态分析系统的设计与实现[J];小型微型计算机系统;2009年07期
相关会议论文 前1条
1 杨卫军;秦海权;王鹏;;Android移动应用软件检测平台[A];第27次全国计算机安全学术交流会论文集[C];2012年
相关硕士学位论文 前8条
1 吕晓庆;Android软件动态行为监测系统的设计和实现[D];北京邮电大学;2013年
2 刘超;Android异常检测系统的研究与实现[D];北京交通大学;2013年
3 刘伟;基于行为模式的Android平台入侵检测系统的设计与实现[D];北京邮电大学;2013年
4 王菲飞;基于Android平台的手机恶意代码检测与防护技术研究[D];北京交通大学;2012年
5 左玲;基于Android恶意软件检测系统的设计与实现[D];电子科技大学;2012年
6 李佳;Android平台恶意软件检测评估技术研究[D];北京邮电大学;2012年
7 路程;Android平台恶意软件检测系统的设计与实现[D];北京邮电大学;2012年
8 刘泽衡;基于Android智能手机的安全检测系统的研究与实现[D];哈尔滨工业大学;2011年
,本文编号:2220996
本文链接:https://www.wllwen.com/kejilunwen/zidonghuakongzhilunwen/2220996.html
