安卓恶意软件检测研究综述

doi:10.3969/j.issn.1671-1122.2016.10.013

信息网络安全 ›› 2016, Vol. 16 ›› Issue (10): 80-88.doi: 10.3969/j.issn.1671-1122.2016.10.013

• • 上一篇

安卓恶意软件检测研究综述

林佳萍^1,²(), 李晖^1,²

1.西安电子科技大学综合业务网理论及关键技术国家重点实验室,陕西西安 710071
2.西安电子科技大学网络与信息安全学院,陕西西安710071

收稿日期:2016-09-01 出版日期:2016-10-31 发布日期:2020-05-13
作者简介:
作者简介：林佳萍（1991—）,女,山东,硕士研究生,主要研究方向为网络安全、移动安全;李晖（1968—）,男,河南,教授,博士,主要研究方向为密码学、无线网络安全、云计算安全、信息论与编码。

Dalvik字节码语义丰富,包含了类、方法和指令。类信息可以用来验证应用程序的行为。基于控制和数据流的详细分析,具有洞察危险的功能,如隐私泄露和电话服务误用^[11,23]。控制流和数据流的分析有利于重建字节码,去除混淆码^[24],如抵消无效琐碎的转化技术的影响。

为了抵抗PETSAS^[40]提出的静态启发式,安卓模拟器很容易被我们修改。移动设备的标识符,如IMEI和IMSI,在Android模拟器上都可配置。通过查看电话管理服务在Android模拟器的源代码,通过代码分析,可以找到现代设备模拟的地方,作为QEMU^[41]部分实现。因此,IMEI、IMSI以及其他功能可以进行修改,使模拟器类似于一个真实的设备。通过修改建Android模拟器加载的属性,在安卓模拟器源代码的build.prop文件上定义这些属性,应用可以很容易被欺骗。

4）当应用程序调用隐私信息或发送短信拨打电话时,要小心和注意。
基金资助:
国家科学自然基金[61272457]

Review of Android Malware Detection

Jiaping LIN^1,²(), Hui LI^1,²

1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an Shaanxi 710071, China;
2. School of Cyber Engineering, Xidian University, Xi’an Shaanxi 710071, China;

Received:2016-09-01 Online:2016-10-31 Published:2020-05-13

摘要/Abstract

摘要：

随着无线通信技术的发展,智能手机已经成为人们身边必不可少的移动设备,与人们的信息交流与娱乐生活息息相关,但是手机上安装的软件可能会给用户带来潜在的危险。目前,80%以上的智能手机采用的是安卓操作系统,然而安卓恶意软件数量呈现爆炸式增长,各种恶意行为层出不穷,对用户的安全构成了极大的威胁。智能手机上用户的隐私泄露和财产安全问题亟待解决,因此对安卓系统上的恶意软件进行有效准确的检测具有非常重要的意义。文章调查了安卓恶意软件的现状和危害,介绍了恶意软件的分类和特征,分析了恶意软件的权限和行为,总结了恶意软件的渗透和隐身技术,然后提供了恶意软件检测可采用的工具,研究了目前的检测方法,分析了现在的挑战和提出了应对方法,比较了几种机器学习的恶意软件分类方法,最后对未来恶意软件的检测方向进行了展望,对减轻恶意软件的危害提出了建议。

关键词: 安卓, 恶意软件, 检测方法

Abstract:

Smart phones are becoming increasingly popular in daily routines around the world. However, malware in smart phones is getting more prevalent, and will introduce potential risks to smart phone users. Nowadays, eighty percent of smart phones adopt the Android operating system. However, the number of Android malware is rapidly increasing, and there are various kinds of malicious behaviors. Android malware has been a great threat to the security of the mobile users. In this paper, we investigate the harms of the Android malware. We first introduce the classification and features of malware and analyze the permission and behavior of malware. Then we introduce the malware detection tools and summarize the malware penetration and the stealth techniques. Furthermore, we analyze malware detection methods in prior works. Finally, we propose the detection direction in the future and give some advice to reduce the harm of malware.

Key words: Android, malware, detection

中图分类号:

TP309

林佳萍, 李晖. 安卓恶意软件检测研究综述[J]. 信息网络安全, 2016, 16(10): 80-88.

Jiaping LIN, Hui LI. Review of Android Malware Detection[J]. Netinfo Security, 2016, 16(10): 80-88.

图/表 4

参考文献 55

[1]	安卓ROM基地. 如何整治手机恶意软件?安卓清理大师有妙招[EB/OL]. .
[2]	汐元. 可怕:安卓平台每天诞生近5000款恶意程序[EB/OL]. .
[3]	网易科技报道. 每5个安卓应用有1个恶意软件[EB/OL]. .
[4]	Symantec. AndroidOS.Fakeplayer[EB/OL]. https://www.symantec.com/security_response/writeup.jsp?docid=2010-081100-1646-99, 2016-8-1.
[5]	CASTILLO C. A. Android malware past, present,future[EB/OL]. .
[6]	Spitm, Zitmo. Banking Trojans Target Android[EB/OL]. https://blogs.mcafee.com/mcafee-labs/spitmo-vs-zitmo-banking-trojans-target-android, 2016-8-1.
[7]	百度百科. Ginger Break [EB/OL]. .
[8]	ZHOU Y, JIANG X.Dissecting Android Malware: Characteriza-tion and Evolution[C] // IEEE. IEEE Symposium on Security and Privacy, May 20-23, 2012, San Francisco Bay Area, California, USA. New Jersey: IEEE, 2012 : 95-109.
[9]	Backdoor. AndroidOS. Obad.a [EB/OL]. .
[10]	天极新闻. 如何整治手机恶意软件?安卓清理大师有妙招 [EB/OL]. .
[11]	ZHOU W, ZHOU Y, JIANG X, et al.Detecting Repackaged Smartphone Applications in Third-party Android Marketplaces[C] // ACM. Second ACM Conference on Data and Application Secu-rity and Privacy. Feberary 7-9, 2012. San Antonio, TX, USA. New York: ACM, 2012: 317-326.
[12]	Intel Security. ‘Android/NotCompatible’ Looks Like Piece of PC Botnet [EB/OL]. https://blogs.mcafee.com/mcafee-labs /androidnotcompatible-looks-like-piece-of-pc-botnet/, 2016-8-1.
[13]	CSDN. Androguard的使用方法[EB/OL]. .
[14]	CSDN. APKTOOL的使用心得 [EB/OL]. .
[15]	开源中国社区. dex2jar [EB/OL]. .
[16]	Linux中国. TaintDroid项目笔记 [EB/OL]. https://linux.cn/ article-2361-1.html, 2016-8-1.
[17]	IDREES F, RAJARAJAN M.Investigating the Android Intents and Permissions for Malware Detection[C] // IEEE. IEEE 10th International Conference on Wireless and Mobile Computing, October 8-10, 2014, WiMob, Larnaca, Cyprus, New Jersey: IEEE, 2014: 354-358.
[18]	LIANG S, DU X.Permission-Combination-based Scheme for Android Mobile Malware Detection[C] // IEEE. IEEE Interna-tional Conference on Communications (ICC), June 10-14, 2014, Sydney, Australia, New Jersey: IEEE, 2014 : 2301-2306.
[19]	FENG Y, ANAND S, DILLIG I, et al.Apposcopy: Seman-tics-Based Detection of Android Malware through Static Analysis[C] // ACM. Proceedings of the 22nd ACM SIGSOFT Interna-tional Symposium on Foundations of Software Engineering.(FSE-22). November 16-22, 2014. Hong Kong, China. New York: ACM, 2014: 576-587.
[20]	CHIN E, FELT A P, GREENWOOD K, et al.Analyzing In-ter-application communication in Android[C] // ACM. Proceed-ings of the 9th International Conference on Mobile Systems, Ap-plications, and Services. June 28-July 01, 2011. Bethesda, MD, USA. New York: ACM, 2011: 239-252.
[21]	FUCHS A P, CHAUDHURI A, FOSTER J S. SCanDroid: Auto-mated Security Certification of Android Applications[EB/OL]. .
[22]	LU L, LI Z, WU Z, et al.CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities[C] // ACM. the ACM Conference on Computer and Communications Security, October 16-18, 2012, Raleigh, NC, USA. New York: ACM, 2012 : 229-240.
[23]	MICHAEL G, ZHOU Y, ZHANG Q, et al.Riskranker: Scalable and Accurate Zero-day Android Malware Detection[C] // ACM. The 10th International Conference on Mobile Systems, Applica-tions and Services, June 25-29, 2014, Ambleside, United Kingdom. New York: ACM, 2012: 281-294.
[24]	KARLSEN H S, WOGNSEN E R, OLESEN M C, Hansen RR. Study, Formalisation, Analysis of Dalvik Bytecode[EB/OL]. .
[25]	PROTSENKO M, MULLER T. Android Malware Detection Based on Software Complexity Metrics[EB/OL]. .
[26]	SEDANO J, CHIRA C, GONZALEZ S, et al. On the Selection of Key Features for Android Malware Characterization [EB/OL]. .
[27]	SHABTAI A, KANONOV U, ELOVICI Y, et al.Andromaly: A Behavioral Malware Detection Framework for Android Devices[J]. Journal of Intelligent Information Systems, 2012, 38(1): 161-190.
[28]	REINA A, FATTORI A, CAVALLARO L. A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors [EB/OL]. .
[29]	DAMOPOULOS D, KAMBOURAKIS G, PORTOKALIDIS G.The Best of Both Worlds: A Framework for the Synergistic Ope-ration of Host and Cloud Anomaly-based IDS for Smartphones[C]// ACM. Proceedings of the Seventh European Workshop on Sys-tem Security, April 13, 2014, Amsterdam, The Netherlands. New York: ACM, 2014: 61-66.
[30]	YAN L K, YIN H. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis [EB/OL]. https://www.usenix.org/conference/usenix se-curity12/technical-sessions/presentation/yan, 2016-8-1.
[31]	BURGUERA I, ZURUTUZA U, NADJM-TEHRANI S.Crowdroid: Behavior-Based Malware Detection System for An-droid[C]// ACM. Proceedings of the 1st ACM Workshop Securi-ty and Privacy in Smartphones and Mobile Devices, Co-located with CCS 2011, October 17, 2011, Chicago, USA. New York: ACM, 2011: 15-26.
[32]	ENCK W, GILBERT P, HAN S, et al.TaintDroid: An Informa-tion-Flow Tracking System for Realtime Privacy Monitoring on Smartphones[J]. ACM Transactions on Computer Systems (TOCS), 2014( 5):1-5.
[33]	LI S, CHEN J, SPYRIDOPOULOS T, et al. Real-Time Monito-ring of Privacy Abuses and Intrusion Detection in Android Sys-tem[EB/OL]..
[34]	WANG D, DAI S, DING Y, et al.POSTER: AdHoneyDroid-Capture Malicious Android Advertisements[C]// ACM. Procee-dings of ACM Conference on Computer and Communications Security, 2014, Scottsdale, Arizona, USA. New York: ACM, 2014 : 1514-1516.
[35]	ANDRIATSIMANDEFITRA R, TONG V V T. Capturing An-droid Malware Behaviour Using System Flow Graph[EB/OL]. .
[36]	MAIER D, MULLER T, PROTSENKO M.Divide-and-Conquer: Why Android Malware Cannot Be Stopped[C] // IEEE,the Ninth International Conference on Availability, Reliability and Securi-ty(ARES), September 8-12, 2014, Fribourg, Switzerland. New Jersey: IEEE, 2014 : 30-39.
[37]	ZHAO S, LI X, XU G, et al.Attack Tree Based Android Malware Detection with Hybrid Analysis[C]// IEEE. The 13th IEEE In-ternational Conference on Trust, Security and Privacy in Compu-ting and Communications(TrustCom), September 24-26, 2014, Beijing, China. New Jersey: IEEE, 2014: 380-387.
[38]	SPREITZENBARTH M, SCHRECK T, ECHTLER F, et al.Mo-bile-Sandbox: Combining Static and Dynamic Analysis with Ma-chine-learning Techniques[J]. International Journal of Information Security, 2015, 14(2): 141-153.
[39]	LOCKHEIMER H. Android and Security [EB/OL]. .
[40]	PETSAS T, VOYATZIS G, ATHANASOPOULOS E, et al.Rage Against the Virtual Machine: Hindering Dynamic Analysis of An-droid Malware[C]// ACM. Proceedings of the Seventh European Workshop on System Security(EuroSec), April 13, 2014, Amster-dam, The Netherlands. New York: ACM, 2014: 51-56.
[41]	CodePainters. Android: IMEI Number and the Emulator [EB/OL]. https://codepainters.wordpress.com/2009/12/11/android-imei-number-and-the-emulator/, 2016-8-1.
[42]	Google. Sensor Simulaor[EB/OL] .
[43]	GOMEZ L, NEAMTIU I, AZIM T, et al.RERAN: Timing- and Touch-Sensitive Record and Replay for Android[C]// IEEE. 35th International Conference on Software Engineering (ICSE), May 18-26, 2013, San Francisco, CA, USA. New Jersey: IEEE, 2013: 72-81.
[44]	ARM. Virtualization Extensions [EB/OL]. .
[45]	MAIORCA D, ARIU D, CORONA I, et al.Stealth Attacks: An Extended Insight into the Obfuscation Effects on Android Malwa-re[J]. Computers & Security, 2015(51): 16-31.
[46]	LIU X, LIU J.A Two-layered Permission-based Android Malware Detection Scheme[C]// IEEE. 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, Mobile-Cloud, April 8-11, 2014, Oxford, United Kingdom. New Jersey: IEEE, 2014: 142-148.
[47]	WEKA, The University of Waikato. Weka 3: Data Mining Sof-tware in Java [EB/OL]. .
[48]	YU W, GE L, XU G, et al. Towards Neural Network Based Mal-ware Detection on Android Mobile Devices[EB/OL]. .
[49]	PEHLIVAN U, BALTACI N, ACARTURK C, et al.The Analysis of Feature Selection Methods and Classification Algorithms in Permission Based Android Malware Detection[C]// IEEE. IEEE Symposium on Computational Intelligence in Cyber Security (CICS), December 9-12, 2014, Orlando, FL, USA. New Jersey: IEEE, 2014 : 81-88.
[50]	SHEEN S, ANITHA R, NATARAJAN V.Android Based Mal-ware Detection Using a Multifeature Collaborative Decision Fusion Approach[J]. Neurocomputing, 2015( 151): 905-912.
[51]	YERIMA S Y, SEZER S, MUTTIK I.Android Malware Detection Using Parallel Machine Learning Classifiers[C]// IEEE. Eighth International Conference on Next Generation Mobile Apps, Ser-vices and Technologies, September 10-12, 2014, University of Oxford, UK. New Jersey: IEEE, 2014: 37-42.
[52]	ANDOOR J T. A Filtering Based Android Malware Detection System for Google PlayStore [EB/OL]. .
[53]	CEN L, GATES C S, SI L, et al.A Probabilistic Discriminative Model for Android Malware Detection with Decompiled Source Code[J]. IEEE Transactions on Dependable and Secure Compu-ting, 2015, 12(4): 400-412.
[54]	AFONSO V M, de Amorim M F, Gregio A R A, et al. Identifying Android Malware Using Dynamically Obtained Features[J]. Journal of Computer Virology and Hacking Techniques, 2015, 11(1): 9-17.
[55]	AAFER Y, DU W, YIN H. DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android[EB/OL]. .

安卓恶意软件检测研究综述

Review of Android Malware Detection

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 55

相关文章 15

编辑推荐

Metrics

本文评价

[1]	侯留洋, 罗森林, 潘丽敏, 张笈. 融合多特征的Android恶意软件检测方法[J]. 信息网络安全, 2020, 20(1): 67-74.
[2]	宋鑫, 赵楷, 张琳琳, 方文波. 基于随机森林的Android恶意软件检测方法研究[J]. 信息网络安全, 2019, 19(9): 1-5.
[3]	冯胥睿瑞, 刘嘉勇, 程芃森. 基于特征提取的恶意软件行为及能力分析方法研究[J]. 信息网络安全, 2019, 19(12): 72-78.
[4]	张健, 陈博翰, 宫良一, 顾兆军. 基于图像分析的恶意软件检测技术研究[J]. 信息网络安全, 2019, 19(10): 24-31.
[5]	秦中元, 张峻瑞, 张群芳, 宋志勇. 基于Inject和Hook的安卓终端管控技术[J]. 信息网络安全, 2018, 18(9): 66-73.
[6]	张健, 王文旭, 牛鹏飞, 顾兆军. 恶意软件防治产品与服务评测体系研究[J]. 信息网络安全, 2016, 16(9): 113-117.
[7]	雷青, 荆丽桦, 赵德明, 郑继龙. 基于深度学习的安卓APP视频枪支检测技术研究[J]. 信息网络安全, 2016, 16(9): 149-153.
[8]	丁庸, 曹伟, 罗森林. 基于LKM系统调用劫持的恶意软件行为监控技术研究[J]. 信息网络安全, 2016, 16(4): 1-8.
[9]	张涛, 裴蓓, 文伟平, 陈钟. 一种安卓平台下提权攻击检测系统的设计与实现[J]. 信息网络安全, 2016, 16(2): 15-21.
[10]	郑生军, 郭龙华, 陈建, 南淑君. 基于虚拟执行技术的高级恶意软件攻击在线检测系统[J]. 信息网络安全, 2016, 16(1): 29-33.
[11]	黄世锋, 郭亚军, 崔建群, 曾庆江. 基于优化模糊C均值的手机恶意软件检测[J]. 信息网络安全, 2016, 16(1): 45-50.
[12]	树雅倩, 付安民, 黄振涛. 基于云平台的移动支付类恶意软件检测系统的设计与实现[J]. 信息网络安全, 2016, 16(1): 59-63.
[13]	尚进, 谢军, 蒋东毅, 陈怀临. 现代网络安全架构异常行为分析模型研究[J]. 信息网络安全, 2015, 15(9): 15-19.
[14]	李汶洋. Android操作系统恶意软件检测技术研究[J]. 信息网络安全, 2015, 15(9): 62-65.
[15]	杨刚, 温涛, 张玉清. Android漏洞库的设计与实现[J]. 信息网络安全, 2015, 15(9): 240-244.