
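Dynamic Detection of Android Malware Based on Network Behavior Analysis

Published: 2018-04-03 23:20

  Topic: Android security  Focus: repackaged malware  Source: China University of Mining and Technology, 2017 master's thesis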


[Abstract]: With the rapid development of smartphones, mobile apps with all kinds of functions now cover almost every aspect of daily life, making the smartphone an indispensable tool. In using these apps, people inevitably store personal private information on their phones, and this information has become a coveted target for attackers. In recent years, Android, as the most popular smartphone operating system, has become the main target of malware attacks. Such malware not only steals users' private data but also abuses system resources, disrupts normal use of the device, and can even cause physical damage to it. Research on Android malware detection has consequently become one of the hot topics in information security in recent years. This thesis analyzes the shortcomings of existing Android malware detection schemes and, drawing on a study of Android security mechanisms, Android automated testing, Android software development and Python data analysis, designs a new dynamic detection scheme for Android malware based on network behavior analysis. The main results are as follows:

1. An automated black-box testing method for Android is designed. It combines two Android automated testing techniques, Robotium and Monkey: Monkey is used to automate ordinary key-press and touch operations in the application, while Robotium is used for precise automation of sensitive operations such as logging in to an account. This black-box testing method meets the needs of the dynamic detection scheme and achieves high coverage of sensitive operations.

2. An Android network monitoring app is developed. It runs on terminal devices running the Android operating system. While monitoring, it can capture network traffic information for all applications on the device, and when monitoring stops it saves this data locally as a CSV file, which makes subsequent analysis convenient. Compared with other methods of obtaining the network traffic of Android applications, the software is more efficient and easier to deploy: it needs only root permission on the operating system to perform all of its network monitoring.

3. An Android malware detection scheme based on network behavior analysis is proposed. Its principle is to automatically simulate a user's various operations on the application under test, use the Android network monitoring tool to capture the network behavior information produced during that process, filter out the data related to the application under test, and extract the IP address information as the detection feature. The anomaly detection method designed in the thesis then determines whether the application's network behavior contains anomalies, and hence whether the application is malware. Evaluation experiments verify that the scheme detects repackaged Android malware with high accuracy.
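[Degree-granting institution]: China University of Mining and Technology
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP309; TP316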



