计算机科学 ›› 2017, Vol. 44 ›› Issue (Z11): 317-321.doi: 10.11896/j.issn.1002-137X.2017.11A.067
宁卓,邵达成,陈勇,孙知信
NING Zhuo, SHAO Da-cheng, CHEN Yong and SUN Zhi-xin
摘要: 随着Android软件开发和维护的不断增多,以及恶意软件的抗检测能力逐渐增强,主流的静态检测方法开始面临一些问题:签名检测虽然检测速度快,但是对代码混淆、重打包类的恶意软件的检测能力不强;基于数据流的检测方法虽然精度高,但检测效率低。针对上述技术存在的缺点,提出了一种混合型静态检测系统。该系统改进了多级签名检测方法,通过对method与class签名进行多级匹配,提高了对代码混淆类恶意软件的检测能力。系统还改进了传统数据流分析技术,通过数据流模式挖掘,找出恶意软件频繁使用的数据流模式,省去了人工确认环节,提高了数据流分析的自动化程度与效率。两种技术的结合使得系统在检测精度与效率两方面达到一个合理的折中点。实验结果表明,该系统对于代码混淆和重打包的恶意软件具有较好的检测能力,对主流恶意软件的检测精确度达到88%。
[1] ANALYTICS S.Android shipped 1 billion smartphones worldwide in 2014.http://www.strategyanalytics.com/default.aspx?mod=reportabstractviewer&a0=10539. [2] ENCK W,ONGTANG M,MCDANIEL P.On lightweight mobile phone application certification[C]∥Proc.of the 16th ACM Conf.on Computer and Communications Security (CCS 2009).2009:235-245. [3] LIU X,LIU J Q.A Two-layered Permission-based Android Malware Detection Scheme[C]∥2014 2nd IEEE International Conference on Mobile Cloud Computing,Services,and Engineering.2014:142-148. [4] GUO C K,XU J,LIU L,et al.MalDetector-Using PermissionCombinations to Evaluate Malicious Features of Android App[C]∥Software Engineering and Service Science (ICSESS).2015:157-160 [5] ZHAO Z B,OSONO F C C.Trustdroid:Preventing the use ofsmartphones for information leaking in corporate networks through the used of static analysis taint tracking[C]∥7th International Conference on Malicious and Unwanted Software (MALWARE).2012:135-143 [6] FRITZ C,ARZT S,RASTHOFER S,et al.Highly Precise Taint Analysis for Android Applications[J].Cs.ucdavis.edu,2013,3(2):151-157. [7] KLIEBER W,FLYNN L,BHOSALE A,et al.Android taintflow analysis for app sets [C]∥ACM Sigplan International Workshop on the State of the Art in Java Program Analysis.2014:1-6 [8] QIN Z Y,YANG Z Y,DI Y X,et al.Detecting repackaged android applications [J].Lecture Notes in Electrical Engineering,2014,277:1099-1107. [9] ZHENG M,SUN M S,LIU C S.Droid Analytics:A SignatureBased Analytic System to Collect,Extract,Analyze and Associa-te Android Malware[C]∥ proceedings of the 12th IEEE International Conference on Trust,Security and Privacy in Computing and Communications.Melbourne,VIC,Australia,2013:163-171. [10] ZHOU Y,JIANG X.Dissecting Android Malware:Characterization and Evolutionin [C]∥Proceedings of 33rd IEEE Sympo-sium on Security and Privacy.2012:95-109. |
No related articles found! |
|