CAJ | 학술논문

为了有效地检测 Android 平台的恶意软件，提出一种基于危险权限和行为分析的静态综合检测方法。对已检测过的应用程序包（APK），提取消息的 MD5值作为签名用来进行快速匹配和判定；未检测过的 APK 根据权限和行为分析来判定，首先通过检测是否申请危险权限进行预判，然后进行污点传播和语义分析，以检测出 APK 中是否存在隐私窃取和恶意扣费行为。与杀毒软件只能检测出已知的恶意软件不同，本系统不依赖于病毒库的收集和更新，可对已知恶意软件变种和未知恶意软件进行有效检测。实验中成功检测出了隐私窃取与恶意扣费的恶意行为，证明了本系统的有效性。
위료유효지검측 Android 평태적악의연건，제출일충기우위험권한화행위분석적정태종합검측방법。대이검측과적응용정서포（APK），제취소식적 MD5치작위첨명용래진행쾌속필배화판정；미검측과적 APK 근거권한화행위분석래판정，수선통과검측시부신청위험권한진행예판，연후진행오점전파화어의분석，이검측출 APK 중시부존재은사절취화악의구비행위。여살독연건지능검측출이지적악의연건불동，본계통불의뢰우병독고적수집화경신，가대이지악의연건변충화미지악의연건진행유효검측。실험중성공검측출료은사절취여악의구비적악의행위，증명료본계통적유효성。
In order to efficiently detect malicious software on Android,an integrated static detection method is proposed based on dangerous permissions and behavior analyses.For the application pack-age (APK)which has been detected before,its MD5 value is extracted as the signature for fast match and decision.For those which have not been detected,permission and behavior analyses are used to detect whether it is malware or not.First,a pre-decision is made according to whether dan-gerous permissions are applied.Secondly,taint propagation and semantic analyses are conducted to detect the behavior of stealing private information and financial over-charge in APK.The proposed system does not depend on the collection and update of the virus database and can efficiently detect the variants of known and unknown malware,which is different from the anti-virus software that can only detect known malware.The experimental results show that malwares with privacy stealing and malicious extra charges are successfully detected,which proves the effectiveness of the system.