【摘要】：隨著智能手機(jī)的不斷普及,以及Android的快速發(fā)展,針對Android的惡意軟件、病毒等方面的安全事件也越來越頻繁。越來越多的惡意軟件、廣告被偽裝成為正規(guī)手機(jī)軟件從第三方平臺上被用戶下載安裝,隨后遠(yuǎn)程控制用戶手機(jī),竊取用戶的隱私甚至惡意扣費(fèi)。然而,現(xiàn)有的Android應(yīng)用惡意軟件檢測方法大多是基于行為的研究,在惡意軟件暴露之前,很多程序已經(jīng)對用戶造成了損失,不能滿足用戶需要,因此,研究Android應(yīng)用靜態(tài)風(fēng)險評估很有必要。論文工作主要研究通過靜態(tài)分析技術(shù)實(shí)現(xiàn)Android應(yīng)用的風(fēng)險評估。論文結(jié)合Android應(yīng)用程序的結(jié)構(gòu)和安全機(jī)制有關(guān)知識,分析和對比了Android平臺惡意軟件檢測相關(guān)技術(shù),然后提出從源代碼出發(fā),利用Android靜態(tài)分析方法,對Android應(yīng)用程序反編譯后的文件進(jìn)行分析,從而提取權(quán)限特征,來有效地評估Android軟件中可能存在的惡意行為。論文工作的重點(diǎn)如下:(1)提出了一種基于惡意軟件分類的權(quán)限特征提取方法,并結(jié)合權(quán)限組合和機(jī)器學(xué)習(xí)分類方法去除冗余。基于惡意軟件分類的方法,提取出能夠有效區(qū)分惡意軟件和正常軟件的十種權(quán)限特征屬性,根據(jù)它們彼此的相關(guān)性,對它們做了權(quán)限組合分類,從而達(dá)到去冗余的目的。此方法簡單高效,有一定的實(shí)際應(yīng)用價值。(2)采用加權(quán)相似算法,對未知Android應(yīng)用做風(fēng)險評估。在傳統(tǒng)的Android應(yīng)用安全檢測基礎(chǔ)之上,提出加權(quán)相似算法,通過靜態(tài)特征庫對比,針對有潛在風(fēng)險的應(yīng)用程序,給用戶提供安全提示。此方法相比較其他檢測方法而言,從源代碼角度出發(fā),無需實(shí)際運(yùn)行Android應(yīng)用程序,檢測時間較短,占用系統(tǒng)資源較少,成本低,可實(shí)際應(yīng)用于Android應(yīng)用風(fēng)險評估。論文在收集了大量真實(shí)的正常軟件和惡意軟件樣本的基礎(chǔ)上進(jìn)行實(shí)驗(yàn),實(shí)驗(yàn)結(jié)果表明所設(shè)計(jì)的系統(tǒng)能夠?qū)π律鲜械腁ndroid應(yīng)用進(jìn)行風(fēng)險評估,系統(tǒng)穩(wěn)定,功能完善,滿足系統(tǒng)需求,達(dá)到了較好的效果。總的來說,本論文的研究結(jié)果對Android應(yīng)用安全相關(guān)研究有著重要的參考價值。
[Abstract]:With the popularity of smart phones and the rapid development of Android, malicious software, viruses and other security incidents against Android are becoming more and more frequent. More and more malware ads are disguised as regular mobile phone software downloaded and installed from third-party platforms and then remotely controlled to steal users' privacy and even maliciously withhold fees. However, most of the existing malware detection methods for Android applications are based on behavior. Before malware is exposed, many programs have caused losses to users and can not meet the needs of users. It is necessary to study the static risk assessment of Android application. This paper mainly studies the risk assessment of Android application through static analysis technology. Based on the knowledge of Android application structure and security mechanism, this paper analyzes and compares the related technologies of malware detection in Android platform, and then puts forward a static analysis method based on Android, which is based on the source code. This paper analyzes the files of Android application after decompilation, and extracts the permission characteristics to evaluate the possible malicious behavior in Android software effectively. The main work of this paper is as follows: (1) A method of privilege feature extraction based on malware classification is proposed, which combines privilege combination with machine learning classification to remove redundancy. Based on the method of malware classification, ten kinds of privilege characteristic attributes which can effectively distinguish malware from normal software are extracted. According to their correlation, they are classified by combination of permissions, so as to achieve the purpose of eliminating redundancy. This method is simple and efficient, and has some practical application value. (2) using weighted similarity algorithm, the risk assessment of unknown Android applications is made. On the basis of traditional Android application security detection, a weighted similarity algorithm is proposed. Through static feature library comparison, the users are given security hints for potentially risky applications. Compared with other detection methods, this method can be applied to the risk assessment of Android applications because of its short detection time, less system resources and low cost, and no need to actually run Android application program from the point of view of source code. On the basis of collecting a large number of samples of real normal software and malware, the experiment results show that the designed system can evaluate the risk of the newly listed Android applications, and the system is stable, functional perfect, and meets the needs of the system. Good results have been achieved. In general, the results of this paper have important reference value for the research of Android application security.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2015
【分類號】：TP316;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 崔文明;余正州;任偉;;Android平臺下應(yīng)用程序流量控制技術(shù)及其系統(tǒng)實(shí)現(xiàn)[J];信息網(wǎng)絡(luò)安全;2013年08期

相關(guān)碩士學(xué)位論文 前2條

1 劉磊;Android安全體系的分析[D];廣東工業(yè)大學(xué);2013年

2 李根;Android系統(tǒng)惡意代碼檢測技術(shù)研究[D];哈爾濱工業(yè)大學(xué);2014年

，

本文編號：2245462