Netinfo Security ›› 2015, Vol. 15 ›› Issue (10): 66-73. doi: 10.3969/j.issn.1671-1122.2015.10.010

• Technical Research •

Detection and Prevention of Mobile Malware Based on the Analysis of Permissions

ZHANG Fan, ZHONG Zhang-dui

  1. College of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2015-08-20 Online: 2015-10-01 Published: 2015-11-04
  • About the authors: ZHANG Fan (born 1990), male, from Inner Mongolia, master's student; main research interests: smartphone security and computer networks. ZHONG Zhang-dui (born 1962), male, from Beijing, doctoral supervisor, professor; main research interests: wireless communications and computer networks.
  • Supported by: National Natural Science Foundation of China [61303245]

Abstract:

With the rise of the mobile Internet in recent years, Android smartphones have developed rapidly, and so has the volume of software on the Android platform. Because Android is open source, malware on the platform grows daily and is characterized by large volume, fast propagation and many variants, so protecting Android smartphones is a necessity. This paper proposes a strategy and method for detecting and preventing Android malware. First, static analysis is used to extract the permissions of a large number of benign Android applications and malware samples. Second, the sample results are tallied and drawn as histograms to compare the permissions requested by benign applications with those requested by malware, with particular attention to the most frequently requested permissions in each group. The statistics show that malware and benign software place many different emphases in their choice of permissions. Finally, the concept of information gain is introduced to measure how much each permission influences the likelihood that an application is malware; permissions are ranked and scored on that basis, forming a reliable and effective security assessment mechanism. Experiments show that the method can effectively detect and prevent malware and thereby better protect Android phones.

Key words: Android, malware detection, permission extraction, static analysis
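
The information-gain ranking described in the abstract can be sketched as follows. This is an added example, not code from the paper: the sample set is constructed, and the `risk_score` rule (summing the gain of malware-leaning permissions) is an assumption, since the abstract does not give the paper's scoring formula.

```python
import math

# Constructed sample set: (requested permissions, is_malware). Not data from the paper.
SAMPLES = [
    ({"INTERNET", "ACCESS_FINE_LOCATION"}, False),
    ({"INTERNET", "CAMERA"}, False),
    ({"INTERNET"}, False),
    ({"INTERNET", "READ_PHONE_STATE"}, False),
    ({"INTERNET", "SEND_SMS", "READ_PHONE_STATE"}, True),
    ({"INTERNET", "SEND_SMS", "READ_SMS"}, True),
    ({"INTERNET", "SEND_SMS", "RECEIVE_BOOT_COMPLETED", "READ_PHONE_STATE"}, True),
    ({"INTERNET", "SEND_SMS", "READ_PHONE_STATE"}, True),
]

def entropy(pos, neg):
    """Shannon entropy in bits of a two-class count; empty classes contribute 0."""
    total = pos + neg
    return -sum(n / total * math.log2(n / total) for n in (pos, neg) if n)

def information_gain(samples, perm):
    """H(label) - H(label | app requests perm)."""
    mal = sum(m for _, m in samples)
    gain = entropy(mal, len(samples) - mal)
    for present in (True, False):
        labels = [m for perms, m in samples if (perm in perms) == present]
        if labels:  # a permission every app requests leaves one empty branch
            k = sum(labels)
            gain -= len(labels) / len(samples) * entropy(k, len(labels) - k)
    return gain

def rank_permissions(samples):
    """Permissions sorted by information gain, highest first."""
    perms = set().union(*(p for p, _ in samples))
    return sorted(((information_gain(samples, p), p) for p in perms), reverse=True)

def risk_score(app_perms, samples):
    """Assumed scoring rule: sum the gain of each requested permission that is
    requested by a larger share of malware than of benign samples."""
    def share(perm, label):
        group = [perms for perms, m in samples if m == label]
        return sum(perm in perms for perms in group) / len(group)
    return sum(information_gain(samples, p) for p in app_perms
               if share(p, True) > share(p, False))

if __name__ == "__main__":
    for gain, perm in rank_permissions(SAMPLES):
        print(f"{perm:24s} {gain:.3f}")
    print(risk_score({"INTERNET", "SEND_SMS", "READ_SMS"}, SAMPLES))
```

In this constructed set, INTERNET is requested by every app and so carries zero gain, which is why raw request frequency alone is a poor signal.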
