
Development of a Cluster-Based Mobile Terminal Network Traffic Collection and Service Platform

Published: 2018-04-08 18:04

Topic: network traffic collection. Entry point: Android application traversal. Source: University of Jinan, 2017 master's thesis


[Abstract]: With the widespread use of mobile terminals, and in particular the rapid adoption of smartphones, mobile smart terminals have brought great changes to modern society. However, as mobile applications spread and the number of users grows explosively, the security of mobile smart terminals also faces great challenges. In mobile malware detection, besides static signature and dynamic behaviour analysis methods, detection methods based on network traffic features have drawn increasing attention and study from academia and industry in recent years. Because such detection relies on machine learning and even deep learning, obtaining massive, labelled network traffic data becomes the primary task of the research.

To address this and collect the network traffic of specified applications quickly, this thesis designs and implements a cluster-based mobile terminal network traffic collection and service platform. The platform has three parts: a storage server, which stores application files and network traffic files; a control and service system, which controls the whole platform; and a collection cluster, made up of traffic collection computers (collectors), which collects mobile terminal network traffic. Each collection computer runs a multithreaded network traffic collection program; it starts multiple threads, each of which carries out a fully automated application traffic collection task. The platform can also process the collected traffic files further, for example extracting DNS packets and TCP flows, extracting TCP flows whose destination address is malicious, and visualizing network traffic.

On the implementation side, the platform uses Python to build the cluster-based Android network traffic collection system, with a purpose-written Android application UI traversal script and a web management system written in PHP. The former makes the automatically collected traffic closer to traffic generated in a real environment; the latter makes the platform convenient for researchers to operate.

Using the platform, this thesis collected more than 68,000 Android applications and about 21 GB of network traffic, which after further processing yielded about 1.06 million TCP flows and 880,000 DNS requests. About 10,000 requested domain names were extracted from the DNS packets, of which 744 were found to be malicious, and about 1 GB of purely malicious network traffic was then extracted. The dataset is used in the university's own laboratory and has also been shared with research teams at the University of Nebraska-Lincoln, Hunan University and others.
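The post-processing the abstract describes (pull DNS packets out of a capture, check the requested domains, keep the TCP flows whose destination is malicious) can be illustrated as follows. This is an added example, not code from the thesis: the function names, the sample domains and addresses are constructed, and labelling a flow through the A records returned for a flagged domain is an assumption about how destinations are matched.

```python
import struct
from collections import defaultdict

def parse_dns_response(msg):
    """Return (query name, [IPv4 addresses from A records]); assumes one question."""
    def read_name(off):
        labels, end, hops = [], None, 0
        while msg[off]:
            if msg[off] & 0xC0 == 0xC0:            # compression pointer
                hops += 1
                if hops > 16:                      # guard against pointer loops
                    raise ValueError("DNS name pointer loop")
                end = end if end is not None else off + 2
                off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            else:
                labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
                off += 1 + msg[off]
        return ".".join(labels).lower(), (end if end is not None else off + 1)
    _id, _flags, _qd, ancount = struct.unpack("!HHHH", msg[:8])
    qname, off = read_name(12)
    off += 4                                       # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        _, off = read_name(off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:              # A record
            ips.append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    return qname, ips

def make_response(name, ip):  # builds the constructed sample responses below
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + q + b"\x00\x01\x00\x01"
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split("."))))

def malicious_flows(dns_msgs, tcp_packets, bad_domains):
    """Map each TCP flow touching an IP resolved from a bad domain to (domain, bytes)."""
    bad_ips = {ip: name for name, ips in map(parse_dns_response, dns_msgs)
               if name in bad_domains for ip in ips}
    flows = defaultdict(int)
    for src, sport, dst, dport, nbytes in tcp_packets:
        flows[tuple(sorted([(src, sport), (dst, dport)]))] += nbytes   # both directions
    return {k: (bad_ips[ip], n) for k, n in flows.items() for ip, _ in k if ip in bad_ips}

# Constructed sample capture: documentation-range IPs, made-up domains.
DNS = [make_response("bad.example", "203.0.113.7"), make_response("ok.example", "198.51.100.9")]
TCP = [("10.0.0.5", 40000, "203.0.113.7", 443, 300), ("203.0.113.7", 443, "10.0.0.5", 40000, 1200),
       ("10.0.0.5", 40001, "198.51.100.9", 80, 500)]
RESULT = malicious_flows(DNS, TCP, {"bad.example"})
```

Only flows to addresses seen in a DNS answer are labelled here; connections made to hard-coded IPs would need a separate address blocklist.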
[Degree-granting institution]: University of Jinan
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.06;TP311.52

