Design and Implementation of an Android Application Risk Assessment System
Published: 2018-09-17 09:36
[Abstract]: As smartphones become ubiquitous and Android develops rapidly, security incidents involving Android malware and viruses are increasingly frequent. More and more malware and adware is disguised as legitimate mobile software, downloaded and installed by users from third-party platforms, and then used to remotely control the phone, steal private data, and even incur malicious charges. However, most existing malware detection methods for Android applications are behavior-based: by the time malware is exposed, many programs have already caused losses to users, which does not meet users' needs. Research on static risk assessment of Android applications is therefore necessary. This thesis studies risk assessment of Android applications by means of static analysis. Drawing on the structure and security mechanisms of Android applications, it analyzes and compares malware detection techniques for the Android platform, and then proposes starting from the source code: using Android static analysis, the files obtained by decompiling an Android application are analyzed to extract permission features, which are used to effectively assess possible malicious behavior in Android software. The main contributions are as follows. (1) A permission feature extraction method based on malware classification is proposed, combined with permission combinations and machine learning classification to remove redundancy. Using the malware-classification-based method, ten permission feature attributes that effectively distinguish malware from benign software are extracted; according to their mutual correlation, they are grouped into permission combinations, thereby removing redundancy. The method is simple and efficient and has practical value. (2) A weighted similarity algorithm is used to assess the risk of unknown Android applications. Building on traditional Android application security detection, a weighted similarity algorithm is proposed that compares against a static feature library and gives users security warnings for potentially risky applications. Compared with other detection methods, this method works from the source code, does not need to actually run the Android application, has a short detection time, uses few system resources, is low-cost, and can be applied in practice to Android application risk assessment. Experiments were carried out on a large collection of real benign and malicious samples. The results show that the designed system can assess the risk of newly released Android applications, is stable and functionally complete, meets the system requirements, and achieves good results. Overall, the results of this thesis are a valuable reference for research on Android application security.
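[Degree-granting institution]: University of Electronic Science and Technology of China (电子科技大学)
[Degree level]: Master's
[Year degree conferred]: 2015
[Classification number]: TP316; TP309
Document ID: 2245462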
Article link: https://www.wllwen.com/wenyilunwen/guanggaoshejilunwen/2245462.html