Android移动恶意代码检测的研究概述与展望

doi:10.3969/j.issn.1671-1122.2016.09.043

摘要/Abstract

摘要：

随着Android系统在移动智能终端的应用越来越广,Android 系统的信息安全问题也日趋严重。尽管Android操作系统的进程采用了独立的虚拟内存空间保障其程序内核的可靠性,但由于应用程序各种事件之间的调用和关联,导致隐私数据泄露、程序越权操作、电池耗尽攻击、恶意进程交互等手机安全事件频繁涌现。因此Android恶意代码检测技术成为移动应用安全防护的一个研究热点。文章从Android恶意代码检测的应用需求和背景出发,概述了动态检测和静态检测方法、基于机器学习的智能检测方法、基于形式化的软件工程方法等各个方面的研究进展,最后提出了融合机器学习和软件工程方法的综合静态检测方法的研究方向,并分析了技术难点,可为学术研究和产品开发提供有价值的参考。

关键词: 移动恶意代码, 动态检测, 静态检测, 机器学习, 模型检测

Abstract:

With the wide spread of Android-based mobile applications, the problem of information security in Android system is increasingly serious . Although Android operating system adopted independent virtual memory space to guarantee the reliability of its kernel , because of calls and association between various events in application , it will lead to private data leakage , unauthorized operation procedures, attacks to run out the battery , malicious processes interact and other mobile security events. Therefore , Android malware detection techniques become a hot topic in the domain of mobile application security. In this paper, the application requirements and environments for Android malware detection are firstly described, and then the diversity malware detection methods are surveyed which include dynamic and static methods, machine learning-based schemes, formal method-based software engineering techniques. Finally, the research direction to initiate a comprehensive static detection framework by integrating machine learning and software engineering is proposed, with some key challenges concomitantly analyzed, which can be valuable reference both for academic communities and industrial products.

Key words: mobile malware, dynamic detection, static detection, machine learning, model checking

中图分类号:

TP309

蔡林, 陈铁明. Android移动恶意代码检测的研究概述与展望[J]. 信息网络安全, 2016, 16(9): 218-222.

Lin CAI, Tieming CHEN. Research Review and Outlook on Android Mobile Malware Detection[J]. Netinfo Security, 2016, 16(9): 218-222.

参考文献 36

[1]	TRUSTGO. BSides Las Vegas: Your Droid Has No Clothes[EB/OL]. . 2014-01-08.
[2]	Google Project Hosting. Andoguard[EB/OL]. , 2013-12-09.
[3]	LIU Wu, REN Ping, LIU Ke, et a1.Behavior-based Malware Analysis and Detection[C]//IEEE. 2011 First International Workshop on Complexity and Data Mining(IWCDM), September 24-28, 2011, Nanjing, Jiangsu, China, NJ: IEEE, 2011 : 39-42.
[4]	ZHOU Y, JIANG X.Dissecting Android Malware:Characterization and Evolution.[C]//IEEE. of the 2012 IEEE Symposium on Security and Privacy, May 20-23, 2012. San Francisco Bay Area, California, IEEE Computer Society Washington, DC,USA, 2012 : 95-109.
[5]	ZOU S, ZHANG J, LIN X.An Effective Behavior-based Android Malware Detection System[J]. Security and Communication Networks, 2015, 8(12) : 2079-2089.
[6]	KUBOTA A.Kernel-based Behavior Analysis for Android Malware Detection[C]//IEEE. 2011 Seventh International Conference on Computational Intelligence and Security,CIS 2011,December 3-4,2011, Sanya ,Hainan. NJ: IEEE, 2011 : 1011-1015.
[7]	WU D, MAO C, Wei T.DroidMat: Android Malware Detection through Manifest and API Calls Tracing[C]//IEEE. 2012 Seventh Asia Joint Conference on Information Security,August 9-10, 2012, Tokyo, Japan. NJ: IEEE, 2012: 62-69.
[8]	GASCON H, YAMAGUCHI F, ARP D, et al.Structural Detection of Android Malware Using Embedded Call Graphs[C]//ACM. of the 2013 ACM Workshop on Artificial Intelligence and Security, November. 4-8 Berlin, Germany. NY: ACM, 2013: 45-54.
[9]	AVG. Malware Detection Methods[EB/OL]. , 2016-1-15.
[10]	Android and Security [EB/OL]. , 2016-1-15.
[11]	SPREITZENBARTH M, SCHRECK T, ECHTLER F, et al.Mobile-Sandbox: Combining Static and Dynamic Analysis with Machine-learning Techniques[J]. International Journal of Information Security, 2014:1-13.
[12]	ALLIX K, BISSYANDE T, KLEIN J. Machine Learning-Based Malware Detection for Android Applications: History Matters! University of Luxembourg [EB/OL], , 2016-1-15.
[13]	王蕊,冯登国,杨轶,等.基于语义的恶意代码行为特征提取及检测方法[J]. 软件学报,2012,23(2): 378-393.
[14]	任伟,柳坤,周金. AnDa:恶意代码动态分析系统[J]. 信息网络安全,2014(8):28-33.
[15]	AMOS B, TURNER H, White J.Applying Machine Learning Classifiers to Dynamic Android Malware Detection at Scale[C]//IEEE. Wireless Communications and Mobile Computing Conference (IWCMC), July 1-5,2013, Sardinia, Italy. NJ: IEEE, 2013:1666-1671.
[16]	NARUDIN F A, FEIZOLLAH A, ANUAR N B, et al.Evaluation of Machine Learning Classifiers for Mobile Malware Detection[J]. Soft Computing, 2014, 20(1):1-15.
[17]	李桂芝,韩臻,周启惠,等. 基于Binder信息流的Android恶意行为检测系统[J]. 信息网络安全,2016(2):54-59.
[18]	PREDA M D, al. E. A semantics-based Approach to Malware Detection[J]. ACM Transactions on Programming Languages and Systems, 2007, 42(25) : 377-388.
[19]	贾同彬,蔡阳,王跃武,等. 一种面向普通用户的Android APP安全性动态分析方法研究[J]. 信息网络安全,2015(9):1-5.
[20]	SONG D, BRUMLEY D, YIN H, et al.BitBlaze: A New Approach to Computer Security via Binary Analysis[M]. Springer Berlin Heidelberg Information Systems Security, 2008.
[21]	JOHANNES K, STEFAN K, CHRISTIAN S, et al.Detecting Malicious Code by Model Checking[J]. Lecture Notes in Computer Science Volume 3548, 2005 : 174-187.
[22]	ENCK W, GILBERT P, CHUN B, et al.TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones.[J]. ACM Transactions on Computer Systems, 2010, 57(3):99-106.
[23]	MOSER A, KRUEGEL C, KIRDA E.Exploring Multiple Execution Paths for Malware Analysis[J]. Security and Privacy, Sp 07, IEEE Symposium on, 2007:231-245.
[24]	XIAO X, TILLMANN N, FAHNDRICH M, et al.User-aware Privacy Control via Extended Static-information-flow Analysis[J]. Automated Software Engineering, 2014, 7304(4):80-89.
[25]	FANG Z, HAN W, LI Y.Permission Based Android Security: Issues and Countermeasures[J]. Computers & Security, 2014, 43(6):205-218.
[26]	LIANG S, MIGHT M, VAN H D.Anadroid: Malware analysis of Android with User-supplied Predicates[J]. Electronic Notes in Theoretical Computer Science, 2013 (311) : 3-14.
[27]	ALESSANDRO A, GABRIELE C, ALESSIO M.Formal Modeling and Reasoning about the Android Security Framework[J]. Lecture Notes in Computer Science, 2012: 64-81.
[28]	MICHELE B, STEFANO C, ALVISE S.Lintent: Towards Security Type-Checking of Android Applications[J]. Lecture Notes in Computer Science, 2013 (7892) : 289-304.
[29]	FU S, TAYSSIR T.LTL Model-Checking for Malware Detection[J]. Lecture Notes in Computer Science , Springer Berlin Heidelberg, 2013 (7795) : 416-431.
[30]	FU S, TAYSSIR T.Efficient Malware Detection Using Model-Checking[J]. Lecture Notes in Computer Science , Springer Berlin Heidelberg, 2012 (7436): 418-433.
[31]	SONG F, TOUILI T.Pushdown Model Checking for Malware Detection[J]. International Journal on Software Tools for Technology Transfer, 2014, 16(2): 147-173.
[32]	RASTOGI V, CHEN Y, ENCK W.AppsPlayground: automatic security analysis of smartphone applications[C] //ACM third ACM conference on Data and Application Security and Privacy. February 18-20, 2013, San Antonio, Texas, USA. NY: ACM, 2013: 209-220.
[33]	PETSAS T, VOYATZIS G, ATHANASOPOULOS E, et al.Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware[C]//ACM Seventh European Workshop on System Security. April 13-16, 2014, Amsterdam, Netherlands. NY: ACM, 2014: 5-15.
[34]	VIJAYENDRA G, VIJAY K, SANJAY R, et al.Category Based Malware Detection for Android.[C]// SSCC. Second International Symposium, September 24-27, Delhi, India. SSCC 2014,2014: 239-249.
[35]	PASAREANU C S, VISSER W, BUSHNELL D, et al.Symbolic PathFinder: Integrating Symbolic Execution with Model Checking for Java Bytecode Analysis[J]. Automated Software Engineering, 2013, 20(3):391-425.
[36]	SABA A, MUNAM A, ABID K, et al.Android Malware Detection & Protection: A Survey[J]. International Journal of Advanced Computer Science and Applications, 2016, 7(2): 463-475.