Journal of Southeast University (Natural Science Edition)
2013
Issue 6
pp. 1162-1167
6 pages in total
秦中元%徐毓青%梁彪%张群芳%黄杰
Android%malware%static detection%permission%behavior analysis
To detect malicious software on Android efficiently, an integrated static detection method based on dangerous permissions and behavior analysis is proposed. For an application package (APK) that has been analyzed before, its MD5 value is extracted as the signature for fast matching and decision. An APK that has not been analyzed before is judged by permission and behavior analysis. First, a pre-decision is made according to whether the APK requests dangerous permissions. Second, taint propagation and semantic analysis are conducted to detect whether the APK steals private information or makes malicious charges. Unlike anti-virus software, which can only detect known malware, the proposed system does not depend on the collection and update of a virus database and can effectively detect variants of known malware as well as unknown malware. In the experiments, the malicious behaviors of privacy stealing and malicious charging were successfully detected, which demonstrates the effectiveness of the system.