Security Analysis for Android Applications Using Sensitive Path Identification
Fund Project:

National Basic Research Program of China (973) (2014CB340702); National Natural Science Foundation of China (61272080, 91418202, 61403187)

    Abstract:

    The Android system currently dominates mobile operating systems. Compared with iOS, Android is more open and is served by many third-party markets with loose audit mechanisms, so the Android platform suffers from more malware. This paper presents an Android application security analysis method based on sensitive path identification, which combines static program analysis and machine learning. First, because malicious behaviors in malware have trigger conditions, a definition of sensitive path is given. Second, because Android applications contain a large number of inter-component call relations, a method is proposed to generate the inter-component call graph from APK files. Third, because the extracted sensitive paths cannot be used directly as features, a feature extraction method based on abstraction of the sensitive path information is implemented. Finally, 493 application APK files are collected from Android markets and existing data sets, such as Google Play, Wandoujia and Drebin, to construct a benchmark. Experiments indicate that the proposed method has higher accuracy (97.97%) than the API-feature-based detection method (90.47%), and that its precision, recall and F-measure for detecting both malicious and benign applications are also better than those of the API-feature method. Furthermore, the size of the APK file influences the experimental results, especially the analysis time (for APK files of 0-4MB the average analysis time is 89 seconds; as the files become larger, the average analysis time increases significantly).

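Cite this article

Miao Xiaochuan, Wang Rui, Xu Lei, Zhang Weifeng, Xu Baowen. Security Analysis for Android Applications Using Sensitive Path Identification. Journal of Software, 2017, 28(9): 2248-2263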

History
  • Received: 2016-07-13
  • Last revised: 2016-11-10
  • Published online: 2017-09-02