基于签名查验的移动终端应用软件合法性判别技术

doi:10.3969/j.issn.1671-1122.2019.11.008

摘要/Abstract

摘要：

随着移动终端设备的不断普及,越来越多的用户选择安装第三方应用软件以满足自己不同的需求。由于缺乏对应用软件合法性的辨别能力,大多数用户在不经意间安装了非法应用软件。非法应用软件通过修改合法应用软件的源码并在其中植入恶意代码后重新打包生成。修改他人应用软件的行为侵犯了原软件开发者的合法权益,同时其中包含的恶意代码会获取用户的信息,导致用户的隐私受到侵犯、财产受到损失。非法应用软件已经严重威胁到移动终端设备的安全。文章提出一种基于签名查验的判别技术,通过采集合法应用软件数字证书中的特征参数建立白名单库,将待测应用软件数字证书中对应的特征参数与白名单库中的数据进行比对,从而判定其合法性。实验结果表明,该技术检测速度快、准确率高,具有很强的实用性。

关键词: 移动终端应用软件, 合法性判别, 数字证书, 白名单

Abstract:

With the increasing popularity of mobile terminal devices, more and more users choose to install third-party application software to meet their different needs. Due to the lack of ability to discriminate against the legality of applications, most users have inadvertently installed illegal applications. Illegal application software is repackaged by modifying the source code of the legitimate application software and embedding malicious code in it. The modification of other people’s application software infringes the legitimate rights and interests of the original software developer, and the malicious code contained therein will obtain the user’s information, resulting in the user’s privacy violation and property loss. The illegal application software has seriously threatened the security of the mobile terminal device. This paper proposes a discriminant technology based on signature verification. The whitelist database is built by collecting the characteristic parameters in the digital certificate of the legal application software, and then the corresponding feature parameters in the digital certificate of the application software to be tested are compared with the data in the whitelist database to determine its legality. The experimental results show that the technology has high detection speed, high accuracy and strong practicability.

Key words: mobile terminal application software, legality discrimination, digital certificate, whitelist

中图分类号:

TP309

李涛, 时俊贤, 胡爱群. 基于签名查验的移动终端应用软件合法性判别技术[J]. 信息网络安全, 2019, 19(11): 56-62.

Tao LI, Junxian SHI, Aiqun HU. Signature Verification Based Legality Discrimination Technology for Mobile Terminal APPs[J]. Netinfo Security, 2019, 19(11): 56-62.

图/表 12

图1

图2

图3

图4

图5

图6

图7

表1

表2

表3

表4

表5

参考文献 13

[1]	WU Wenhuan.Studying of the Signature Authentication Mechanism in Android[J]. Computer Engineering & Software, 2014, 35(2): 109-110.
	吴文焕. Android应用程序数字签名机制研究[J].软件,2014,35(2):109-110.
[2]	WANG Wenchong, LING Jie.Android Malware Detection Approach Based on fuzzy Hash[J]. Computer Engineering and Applications, 2018, 54(18): 133-138.
	王文冲,凌捷.一种基于模糊哈希的Android变种恶意软件检测方法[J].计算机工程与应用,2018,54(18):133-138.
[3]	YANG Hongshen, ZHAO Zongqu, WANG Junfeng.Malware Detection Technologies Based on Software Intermediate Code[J]. Journal of Sichuan University(Natural Science Edition), 2013, 50(6): 1216-1222.
	杨洪深,赵宗渠,王俊峰.基于中间代码的恶意软件检测技术研究[J].四川大学学报(自然科学版),2013,50(6):1216-1222.
[4]	ZHANG Rui, YANG Jiyun.Android Malware Detection Based on Permission Correlation[J]. Journal of Computer Applications, 2014, 34(5): 1322-1325.
	张锐,杨吉云.基于权限相关性的Android恶意软件检测[J].计算机应用,2014,34(5):1322-1325.
[5]	SHAO Shudi, YU Huiqun, FAN Guisheng.Detecting Malware by Combining API and Permission Features[J]. Computer Science, 2017, 44(4): 135-139.
	邵舒迪,虞慧群,范贵生.基于权限和API特征结合的Android恶意软件检测方法[J].计算机科学,2017,44(4):135-139.
[6]	LI Jin, SUN Lichao, YAN Qiben, et al. Android Malware Detection[EB/OL]. , 2019-1-22.
[7]	CHEN Suting, ZHAO Qizheng, ZHANG Yanyan.Android Malware Detection Method Based on PPR[J]. Computer Engineering and Design, 2016, 37(9): 2342-2346.
	陈苏婷,赵启正,张艳艳.基于PPR的Android恶意软件检测方法[J].计算机工程与设计,2016,37(9):2342-2346.
[8]	YANG Hongyu, XU Jin.Android Malware Detection Based on Improved Random Forest[J]. Journal on Communications, 2017, 38(4): 8-16.
	杨宏宇,徐晋.基于改进随机森林算法的Android恶意软件检测[J].通信学报,2017,38(4):8-16.
[9]	YANG Hongyu, TANG Ruiwen.Android Malware Detection Based on the System Power Consumption[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(1): 44-49.
	杨宏宇,唐瑞文.基于电量消耗的Android平台恶意软件检测[J].清华大学学报(自然科学版),2017,57(1):44-49.
[10]	WEI Linfeng, LUO Weiqi, WENG Jian, et al. Machine Learning-Based Malicious Application Detection of Android[EB/OL]. , 2017-11-9.
[11]	CAI Zhibiao, PENG Xinguang.Detection of Android Malware Based on System Calls[J]. Computer Engineering and Design, 2013, 34(11): 3757-3761.
	蔡志标,彭新光.基于系统调用的Android恶意软件检测[J].计算机工程与设计,2013,34(11):3757-3761.
[12]	The State Council. National Development Document No. 32 of 2013[EB/OL]. , 2014-11-5.
	国务院.国发〔2013〕32号[EB/OL]. ,2014-11-5.
[13]	TalkingData Industry Data Research Center. application ranking active ranking[DB/OL]. , 2019-2-22.
	TalkingData行业数据研究中心.应用排行活跃排行[DB/OL]. ,2019-2-22.

编号	待测应用软件	APK中的序列号	合法序列号	合法性
1	酷狗音乐破解版	936eacbe07f201df	1300865289	非法
2	QQ6.5破解版	936eacbe07f201df	1270547297	非法
3	腾讯视频破解版	700236001	1282554655	非法
4	PP视频	1311229378	1311229378	合法
5	QQ同步助手	1284642258	1284642258	合法
6	Weixin_downcc	1295447972	1295447972	合法
7	Yymobile_client-7.6.2	1296027984	1296027984	合法

次数	运行时间/ms	平均值/ms
1	9342	9181
2	9317
3	8882
4	8748
5	9616

类型	平均检测时间/ms
影音娱乐	55
电商平台	59
学习工具	39

大小范围/10000 KB	平均检测时间/ms
[1,2]	53
[3,4]	52
[5,6]	50

方案描述	准确率
根据权限和恶意倾向之间的相关性,从权限特征选取、权限特征权重两方面改进朴素贝叶斯分类算法^[4]	≤88.98%
将权限和API特征相结合形成API-权限特征集合^[5]	≈90%
通过系统的三级修剪方法选取22种重要权限^[6]	≤91.97%
通过PPR算法量化特征权限之间的关系,构建特征权限矩阵^[7]	81.7%
改进RF算法简单投票原则,赋予决策树不同权重^[8]	98.1%
采用动态分析技术,利用朴素贝叶斯、J48和Android应用函数类型决策算法实现Androidetect检测系统^[9]	≤90%
采集应用程序运行时的系统调用名及其频数信息,通过远程服务器解析并对行为的正常性分类^[10]	≤97.7%
本文基于签名查验的方案	100%