Research and Implementation of an Active Real-Time Detection Method for Android Ransomware
Published: 2018-08-29 15:11
[Abstract]: As smartphones have become ubiquitous and more powerful, all kinds of personal information have gradually moved from the PC to the phone. Android phones are currently the most popular smartphones, owing to Android's open-source platform and good interfaces. This openness has made the Android platform popular with vendors and users alike, but it also exposes the platform to serious security threats, of which mobile ransomware is the most representative. This kind of rogue software locks the screen or encrypts files so that users cannot access their own devices or files normally, and uses this as leverage to extort a fee for unlocking or decryption. To counter Android ransomware, this thesis proposes an active, real-time detection method that can detect the malicious behavior of ransomware and eliminate its harm before the user loses control of the device or files. First, the thesis analyzes Android ransomware samples in detail and summarizes their characteristics, finding that these malicious applications display ransom messages, lock the phone screen, and encrypt user files. Then, based on these characteristics, it designs the active real-time detection method. The method has three stages: application filtering, static feature analysis, and real-time monitoring of dynamic behavior, which respectively capture and filter applications, detect ransom text and screen-locking policies, and detect encryption behavior. Finally, the thesis implements the method and tests the system comprehensively in three experiments, using 675 collected ransomware samples and 9238 benign applications. The experiments show that the system detects ransomware with high accuracy and a low false-positive rate. The system also consumes few resources on mobile devices and is highly practical.
[Degree-granting institution]: Wuhan University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP316; TP309
Article ID: 2211586
Article link: https://www.wllwen.com/shoufeilunwen/xixikjs/2211586.html