【摘要】：隨著智能手機(jī)的高度普及和手機(jī)性能的增強(qiáng),人們各式各樣的信息也逐漸從PC端轉(zhuǎn)移到了手機(jī)端。目前最流行的智能手機(jī)為Android手機(jī),這是由于其具有開(kāi)源的平臺(tái)和良好的接口。這種開(kāi)放性使得Android平臺(tái)廣受各大廠商和用戶的追捧,但是這也給Android平臺(tái)帶來(lái)巨大安全威脅。手機(jī)勒索軟件就是最具代表性的一種安全威脅。這種流氓軟件通過(guò)鎖屏或加密文件的方式使用戶不能正常的訪問(wèn)自己的設(shè)備或文件,并以此為籌碼向用戶勒索解鎖或解密的費(fèi)用。針對(duì)這種Android勒索軟件,本文提出了一種主動(dòng)實(shí)時(shí)的檢測(cè)方法,能在用戶失去對(duì)設(shè)備或文件的控制權(quán)之前,檢測(cè)并消除勒索軟件惡意行為的危害。首先,本文對(duì)Android勒索軟件樣本進(jìn)行了詳細(xì)的分析,并對(duì)其特征進(jìn)行了總結(jié),發(fā)現(xiàn)這些惡意應(yīng)用存在以下特征:顯示勒索信息、鎖定手機(jī)屏幕、加密用戶文件。然后,根據(jù)Android勒索軟件這些特征,對(duì)Android勒索軟件主動(dòng)實(shí)時(shí)檢測(cè)方法進(jìn)行設(shè)計(jì)。檢測(cè)方法分為三個(gè)階段,分別是應(yīng)用過(guò)濾、靜態(tài)特征分析和動(dòng)態(tài)行為實(shí)時(shí)監(jiān)控,這三個(gè)階段分別實(shí)現(xiàn)了對(duì)應(yīng)用捕捉過(guò)濾、勒索文本與鎖屏策略檢測(cè)和加密行為檢測(cè)。最后,本文對(duì)Android勒索軟件的主動(dòng)實(shí)時(shí)方法進(jìn)行實(shí)現(xiàn),并使用收集到的675個(gè)勒索軟件樣本和9238個(gè)正常應(yīng)用,通過(guò)三個(gè)實(shí)驗(yàn)對(duì)系統(tǒng)進(jìn)行全面的測(cè)試。測(cè)試實(shí)驗(yàn)顯示,本系統(tǒng)在檢測(cè)勒索軟件方面有很高的準(zhǔn)確性和很低的誤報(bào)率。同時(shí)系統(tǒng)在移動(dòng)設(shè)備上資源消耗低,具有很高的實(shí)用性。
[Abstract]:With the popularity of smart phones and the enhancement of mobile phone performance, all kinds of information is gradually transferred from PC to mobile phone. The most popular smartphone is the Android phone, due to its open source platform and good interface. This kind of openness makes the Android platform popular with the major manufacturers and users, but it also brings a huge security threat to the Android platform. Mobile blackmail software is the most representative of a security threat. This kind of rogue software can not access their equipment or files normally by locking screen or encrypting files, and it is used as a bargaining chip to extort the cost of unlocking or decrypting. For this Android blackmail software, this paper proposes an active real-time detection method, which can detect and eliminate the harm of malicious behavior of extortion software before the user loses control of the device or file. Firstly, this paper analyzes the sample of Android extortion software in detail, and summarizes its features. It is found that these malicious applications have the following characteristics: displaying extortion information, locking the mobile phone screen, and encrypting user files. Then, according to the characteristics of Android blackmail software, the active real-time detection method of Android blackmail software is designed. The detection method is divided into three stages: application filtering, static feature analysis and real-time monitoring of dynamic behavior. These three phases implement application capture filtering, extortion text and screen locking strategy detection and encryption behavior detection respectively. Finally, this paper implements the active real-time method of Android blackmail software, and uses the collected 675 samples of extortion software and 9238 normal applications to test the system through three experiments. The test results show that the system has high accuracy and low false alarm rate in detecting extortion software. At the same time, the system has low resource consumption and high practicability on mobile devices.
【學(xué)位授予單位】：武漢大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP316;TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 林耕宇;;觀摩50名Google Android程序開(kāi)發(fā)競(jìng)賽作品[J];電子與電腦;2008年08期

2 樹(shù)子;;Android中文版不完全體驗(yàn)[J];互聯(lián)網(wǎng)天地;2009年04期

3 Jason Whitmire;;產(chǎn)業(yè)軟件專家如何協(xié)助解決Android的分裂困境[J];電子與電腦;2010年02期

4 蔣彬;;10款A(yù)ndroid手機(jī)必備應(yīng)用——Android操作系下的軟件評(píng)測(cè)[J];微電腦世界;2010年04期

5 ;PCWorld Windows Phone 7挑戰(zhàn)Android 毅然崛起的AndroidⅠ洗心革面的Windows Phone 7[J];微電腦世界;2010年08期

6 韓青;;Android平臺(tái)發(fā)展的動(dòng)力與挑戰(zhàn)[J];中國(guó)電子商情(基礎(chǔ)電子);2010年09期

7 方智勇;;Android手機(jī)這樣用[J];電腦迷;2010年15期

8 缺少浪漫;;Android的另一面[J];電腦迷;2010年13期

9 ;ZTE and Three Release Android ，

本文編號(hào)：2211586