Journal of Zhejiang University (Engineering Science)
Computer Technology, Electronic Communication Technology
Permission-based Android application security evaluation method
LI Xiao-dong, ZHU Yue-fei, LIU Sheng-li, XIAO Rui-qing
State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, Henan, China
Abstract:

A permission-based security audit method for Android applications is proposed to detect Android malware, quantify how dangerous an application is, and meet the security audit needs of large sample sets. Permission information is analyzed with a data mining method, and a set of evaluation indices is built from permission itemsets according to their support and divisive value. An improved precedence chart method determines the weights of the evaluation indices, which are assembled into a weight matrix. Android applications are evaluated against this weight matrix; malicious applications are detected by logistic regression, and a quantified evaluation value is given. Experiments with real samples crawled from the Internet show that the method detects malicious applications effectively, that the evaluation value intuitively reflects an application's degree of danger, that the accuracy of classifying malicious and benign applications reaches 92.7%, and that it has a lower time cost than existing related work.
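Published: 2017-03-01
CLC: TP 393
Corresponding author: ZHU Yue-fei, male, professor. ORCID: 0000-0003-0563-083X. E-mail: zhuyf43@sina.com
About the author: LI Xiao-dong (born 1990), male, master's degree, engaged in research on network information security. ORCID: 0000-0003-4956-2699. E-mail: vectorx@126.com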

Cite this article:

LI Xiao-dong, ZHU Yue-fei, LIU Sheng-li, XIAO Rui-qing. Permission-based Android application security evaluation method. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 10.3785/j.issn.1008-973X.2017.03.022.
