基于SM3与多特征值的Android恶意软件检测

doi:10.3969/j.issn.1671-1122.2020.06.003

摘要/Abstract

摘要：

通过Android系统提供的MessageDigest工具类使用 SM3杂凑算法对APK进行完整性计算,得到其Hash值;将得到的Hash值与服务器中正确的Hash值进行比较,若两个Hash值不一致,说明此APK程序已被篡改,可以卸载。同时,文章设计了一种权限静态分析和多特征恶意软件检测模型,通过反编译应用程序,得到AndroidManifest.xml和smali文件,获取权限特征和API方法调用特征。权限静态分析是根据权限比重分数,计算危险权限分数,判断应用程序危险程度。多特征恶意软件检测使用Jaccard距离计算权限特征相似度和API 方法调用特征相似度,识别良性软件和恶意软件。实验结果显示,该方案SM3完整性计算速度是MD5、SHA-1算法速度的3倍左右,检测模型能有效识别恶意软件,并对恶意软件分类,从而保护用户的隐私资料,防止恶意软件窃取用户隐私。

关键词: Android, SM3, 恶意软件, 权限检测

Abstract:

The MessageDigest tool class provided by the Android system uses the SM3 hash algorithm to calculate the integrity of the APK, obtains its hash value, compares the obtained hash value with the correct hash value in the server. IF two Hash values are inconsistent,, indicating that the APK has been tampered and can be uninstalled. The permission static analysis and multi-feature malware detection model are designed. By decompiling the application, the AndroidManifest.xml and smali files are obtained, and the permission feature and API method call feature are obtained. Permission static analysis is to calculate the dangerous permission score according to the permission weight score and judge the application danger degree. Multi-feature malware detection uses Jaccard distance calculation permission feature similarity and API method call feature similarity to identify benign software and malware. The experimental results show that the SM3 integrity calculation speed is about 3 times faster than the MD5 and SHA-1 algorithms. The detection model can effectively identify malicious applications and classify malicious applications, thus protecting users' private data and preventing malware theft. User privacy.

Key words: Android, SM3, malware, permission detection

中图分类号:

TP309

郑东, 赵月. 基于SM3与多特征值的Android恶意软件检测[J]. 信息网络安全, 2020, 20(6): 17-25.

ZHENG Dong, ZHAO Yue. Android Malware Detection Based on SM3 and Multi-feature[J]. Netinfo Security, 2020, 20(6): 17-25.

图/表 6

图1

图2

表1

图3

表2

表3

参考文献 16

[1]	XIE Jiayun, FU Xiao, LUO Bin. Progress in Android Protection Technology[J]. Computer Engineering, 2018,44(2):163-170.
	谢佳筠, 伏晓, 骆斌. Android防护技术研究进展[J]. 计算机工程, 2018,44(2):163-170.
[2]	PARVEZ F, AMMAR B, VIJAY L. Android Security: A Survey of Issues, Malware Penetration, and Defenses[J]. IEEE Communications Surveys & Tutorials, 2019,17(2):998-1022.
[3]	CHO J, KIM D, KIM H. User Credential Cloning Attacks in Android Applications: Exploiting Automatic Login on Android Apps and Mitigating Strategies[J]. IEEE Consumer Electronics Magazine, 2018,7(3):48-55.
[4]	OMAR M, MOHAMMED D, NGUYEN V, et al. Android Application Security[M]. Applying Methods of Scientific Inquiry Into Intelligence, Security, and Counterterrorism. NY: IGI Global, 2019.
[5]	G DATA: Q3 Global Android Malicious Samples in 2018 increased by 40% over the same period of last year[EB/OL]. http://www.199it.com/archives/793849.html, 2019-1-15.
	G DATA:2018年Q3全球Android新恶意样本数量达320万个同比增加40%[EB/OL]. http://www.199it.com/archives/793849.html,2019-1-15.
[6]	PENG Lin. ISC2017 Tide Viewing Network Space Forum: International Consensus on Network Space Governance[J]. China Information Security, 2017 ( 10):90-94.
	彭琳. ISC2017观潮网络空间论坛:汇聚网络空间治理的国际共识[J].中国信息安全, 2017(10):90-94.
[7]	ZHOU W, JIA Y, PENG A, et al. The Effect of Iot New Features on Security and Privacy: New Threats, Ex-Isting Solutions, and Challenges yet to be Solved[J]. IEEE Internet of Things Journal, 2018,30(6):1606-1616.
[8]	National Cryptographic Administration Department. SM3 Cryptographic Hash Algorithm[EB/OL]. http://www.oscca.gov.cn/UpFile/20101222141857786.pdf, 2019-1-15.
	国家密码管理系. SM3密码杂凑算法[EB/OL]. http://www.oscca.gov.cn/UpFile/20101222141857786.pdf,2019-1-15.
[9]	MA Junli. Research on Malicious Behavior Detection and Classification Method of Android Applications[D]. Beijing:Beijing Jiaotong University, 2016.
	马君丽. 安卓应用的恶意行为检测与归类方法研究[D]. 北京:北京交通大学, 2016.
[10]	KUMAR R, ZHANG X, KHAN R U, et al. Resea-Earch on Data Mining of Permission-Induced Risk for Android IoT Devices[J]. Applied Sciences, 2019,9(2):277.
[11]	ZHANG Zhenquan, LUO Xinmin, QI Chun. Comparison of Digital Signature Algorithms MD5 and SHA-1 and Optimization Implementation of AVR[J]. Network Security Technology and Application, 2005,5(7):64-67.
	张振权, 罗新民, 齐春. 数字签名算法MD5和SHA-1的比较及其AVR优化实现[J]. 网络安全技术与应用, 2005,5(7):64-67.
[12]	YANG Zhonghuang, LIANG Shanqiang, ZHAN Weixiao. Remote Management of Mobile Devices Based on SEAndroid[J]. Journal of Xi’an University of Posts and Telecommunications, 2018,23(3):17-24.
	杨中皇, 梁善强, 詹维骁. 基于SEAndroid的移动设备远程管理[J]. 西安邮电大学学报, 2018,23(3):17-24.
[13]	BAGHERI H, KANG E, MALEK S, et al. A Formal Approach for Detection of Security Flaws in the A-ndroid Permission System[J]. Formal Aspects of ComPuting, 2018,30(5):525-544.
[14]	MIN Luocxu, CAO Qinghua. Runtime-Based Behavior Dynamic Analysis System for Android Malware Detection[EB/OL]. https://www.researchgate.net/publication/266646301_Runtime-Based_Behavior_Dynamic_Analysis_System_for_Android_Malware_Detection, 2019 -1-15.
[15]	MAMMONE N, IERACITANO C, Adeli H, et al. Permutation Jaccard Distance-Based Hierarchical Clustering to Estimate EEG Network Density Modifications in MCI Subjects[J]. IEEE Transactions on Neural Networks and Learning Systems, 2018,9(9):1-14.
[16]	HUANG Meigen, ZENG Yunke. Detection Method of Android Stealing Privacy Malicious Applications Based on Permission Combination[J]. Computer Applications and Software, 2016,33(9):320-323, 333.
	黄梅根, 曾云科. 基于权限组合的Android窃取隐私恶意应用检测方法[J]. 计算机应用与软件, 2016,33(9):320-323,333.

编辑推荐 0

Metrics

阅读次数

全文

113

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	17	0	0	96

来源	本网站	其他网站

次数	112	1
比例	99%	1%

摘要

363

最新录用	在线预览	正式出版

0	0	363

	来源	本网站

	次数	363
	比例	100%

权限	风险等级	权重分数
READ_CONTACTS	较高	4
ACCESS_COARSE_LOCATION	中等	3
INSTALL_PACKAGES	非常高	6
READ_SMS	较高	4
SEND_SMS	高	5
WRITE_SMS	高	5
READ_CALL_LOG	中等	3
PROCESS_OUTGOING_CALLS	非常高	6
MOUNT_UNMOUNT_FILESYSTEMS	一般	2
WRITE_EXTERNAL_STORAGE	非常高	6
READ_EXTERNAL_STORAGE	高	5
READ_PHONE_STATE	中等	3
READ_LOGS	非常高	6
RECORD_AUDIO	中等	3
CALL_PHONE	较高	4

	MD5	SHA-1	SM3
Pixel 3	0.984	0.712	0.286
Pixel 2	1.067	0.848	0.315
Nexus 6p	1.109	0.988	0.369