[1] Qin Zhongyuan, Xu Yuqing, Liang Biao, et al. An Android malware static detection method[J]. Journal of Southeast University (Natural Science Edition), 2013, 43(6):1162-1167. [doi:10.3969/j.issn.1001-0505.2013.06.006]

An Android malware static detection method

Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume:
43
Issue:
2013, No. 6
Pages:
1162-1167
Section:
Computer Science and Engineering
Publication date:
2013-11-20

Article Info

Title:
An Android malware static detection method
Author(s):
Qin Zhongyuan [1,2], Xu Yuqing [1], Liang Biao [3], Zhang Qunfang [4], Huang Jie [1]
[1] Information Security Research Center, Southeast University, Nanjing 210096, China
[2] Key Laboratory of Information Network Security of Ministry of Public Security, Shanghai 201204, China
[3] Nanjing Sample Technology Co., Ltd, Nanjing 210049, China
[4] Computer Department, Nanjing Institute of Artillery Corps, Nanjing 211132, China
Keywords:
Android; malware; static detection; permission; behavior analysis
Classification code (CLC):
TP309
DOI:
10.3969/j.issn.1001-0505.2013.06.006
Abstract:
To detect malicious software on the Android platform effectively, an integrated static detection method based on dangerous permissions and behavior analysis is proposed. For an application package (APK) that has already been analysed, its MD5 digest is used as a signature for fast matching and decision. For an APK that has not been analysed before, permission and behavior analysis decide whether it is malware: first, a pre-decision is made according to whether dangerous permissions are requested; then taint propagation and semantic analysis are performed to detect privacy-stealing and malicious-charging behavior in the APK. Unlike anti-virus software, which can only detect known malware, the proposed system does not depend on collecting and updating a virus signature database and can effectively detect variants of known malware as well as unknown malware. In the experiments, malicious behavior involving privacy stealing and malicious extra charges was successfully detected, which demonstrates the effectiveness of the system.

References:

[1] IDC. Android marks fourth anniversary since launch with 75.0% market share in third quarter, according to IDC [EB/OL].(2012-11-01)[2013-01-02]. http://www.idc.com/getdoc.jsp?containerId=prUS23771812.
[2] Enck W, Ongtang M, McDaniel P. On lightweight mobile phone application certification[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security. Chicago, IL, USA, 2009:235-245.
[3] Zhou Yajin, Wang Zhi, Zhou Wu, et al. Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets[C]//Proceedings of the 19th Annual Network and Distributed System Security Symposium. San Diego, CA, USA, 2012:1-13.
[4] Zhou Wu, Zhou Yajin, Jiang Xuxian, et al. Detecting repackaged smartphone applications in third-party Android marketplaces[C]//Proceedings of the Second ACM Conference on Data and Application Security and Privacy. San Antonio, TX, USA, 2012: 317-326.
[5] Schmidt A-D, Bye R, Schmidt H-G, et al. Static analysis of executables for collaborative malware detection on Android[C]//2009 IEEE International Conference on Communications. Dresden, Germany, 2009:1-5.
[6] Shabtai A, Elovici Y. Applying behavioral detection on Android-based devices[C]//3rd International Conference on Mobile Wireless Middleware, Operating Systems, and Applications. Chicago, IL, USA, 2010:235-249.
[7] Shabtai A, Kanonov U, Elovici Y, et al. “Andromaly”: a behavioral malware detection framework for android devices[J]. Journal of Intelligent Information Systems, 2012, 38(1):161-190.
[8] Zhao Min, Ge Fangbin, Zhang Tao, et al. AntiMalDroid: an efficient SVM-based malware detection framework for android[C]//2nd International Conference on Information Computing and Applications. Qinhuangdao, China, 2011:158-166.
[9] Ministry of Industry and Information Technology. Mobile Internet malicious code description specification[EB/OL].(2011-05-14)[2013-01-02]. http://wenku.baidu.com/view/2978e18ccc22bcd126ff0c90.html.(in Chinese)
[10] Kong Deguang, Zheng Quan, Shuai Jianmei, et al. Source code vulnerability detection technology based on taint analysis[J]. Journal of Chinese Computer Systems, 2009, 30(1):78-82.(in Chinese)

Memo:
Author biography: Qin Zhongyuan (born 1974), male, PhD, associate professor, zyqin@seu.edu.cn.
Funding: National High Technology Research and Development Program of China (863 Program) (2013AA014001); National Development and Reform Commission information security special project; open project of the Key Laboratory of Information Network Security of Ministry of Public Security (C13611).
Citation format: Qin Zhongyuan, Xu Yuqing, Liang Biao, et al. An Android malware static detection method[J]. Journal of Southeast University (Natural Science Edition), 2013, 43(6):1162-1167. [doi:10.3969/j.issn.1001-0505.2013.06.006]
Last Update: 2013-11-20