Signature Verification Based Legality Discrimination Technology for Mobile Terminal APPs

doi:10.3969/j.issn.1671-1122.2019.11.008

Abstract

Abstract:

With the increasing popularity of mobile terminal devices, more and more users choose to install third-party application software to meet their different needs. Due to the lack of ability to discriminate against the legality of applications, most users have inadvertently installed illegal applications. Illegal application software is repackaged by modifying the source code of the legitimate application software and embedding malicious code in it. The modification of other people’s application software infringes the legitimate rights and interests of the original software developer, and the malicious code contained therein will obtain the user’s information, resulting in the user’s privacy violation and property loss. The illegal application software has seriously threatened the security of the mobile terminal device. This paper proposes a discriminant technology based on signature verification. The whitelist database is built by collecting the characteristic parameters in the digital certificate of the legal application software, and then the corresponding feature parameters in the digital certificate of the application software to be tested are compared with the data in the whitelist database to determine its legality. The experimental results show that the technology has high detection speed, high accuracy and strong practicability.

Key words: mobile terminal application software, legality discrimination, digital certificate, whitelist

CLC Number:

TP309

Tao LI, Junxian SHI, Aiqun HU. Signature Verification Based Legality Discrimination Technology for Mobile Terminal APPs[J]. Netinfo Security, 2019, 19(11): 56-62.

Figures/Tables 12

References 13

[1]	WU Wenhuan.Studying of the Signature Authentication Mechanism in Android[J]. Computer Engineering & Software, 2014, 35(2): 109-110.
	吴文焕. Android应用程序数字签名机制研究[J].软件,2014,35(2):109-110.
[2]	WANG Wenchong, LING Jie.Android Malware Detection Approach Based on fuzzy Hash[J]. Computer Engineering and Applications, 2018, 54(18): 133-138.
	王文冲,凌捷.一种基于模糊哈希的Android变种恶意软件检测方法[J].计算机工程与应用,2018,54(18):133-138.
[3]	YANG Hongshen, ZHAO Zongqu, WANG Junfeng.Malware Detection Technologies Based on Software Intermediate Code[J]. Journal of Sichuan University(Natural Science Edition), 2013, 50(6): 1216-1222.
	杨洪深,赵宗渠,王俊峰.基于中间代码的恶意软件检测技术研究[J].四川大学学报(自然科学版),2013,50(6):1216-1222.
[4]	ZHANG Rui, YANG Jiyun.Android Malware Detection Based on Permission Correlation[J]. Journal of Computer Applications, 2014, 34(5): 1322-1325.
	张锐,杨吉云.基于权限相关性的Android恶意软件检测[J].计算机应用,2014,34(5):1322-1325.
[5]	SHAO Shudi, YU Huiqun, FAN Guisheng.Detecting Malware by Combining API and Permission Features[J]. Computer Science, 2017, 44(4): 135-139.
	邵舒迪,虞慧群,范贵生.基于权限和API特征结合的Android恶意软件检测方法[J].计算机科学,2017,44(4):135-139.
[6]	LI Jin, SUN Lichao, YAN Qiben, et al. Android Malware Detection[EB/OL]. , 2019-1-22.
[7]	CHEN Suting, ZHAO Qizheng, ZHANG Yanyan.Android Malware Detection Method Based on PPR[J]. Computer Engineering and Design, 2016, 37(9): 2342-2346.
	陈苏婷,赵启正,张艳艳.基于PPR的Android恶意软件检测方法[J].计算机工程与设计,2016,37(9):2342-2346.
[8]	YANG Hongyu, XU Jin.Android Malware Detection Based on Improved Random Forest[J]. Journal on Communications, 2017, 38(4): 8-16.
	杨宏宇,徐晋.基于改进随机森林算法的Android恶意软件检测[J].通信学报,2017,38(4):8-16.
[9]	YANG Hongyu, TANG Ruiwen.Android Malware Detection Based on the System Power Consumption[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(1): 44-49.
	杨宏宇,唐瑞文.基于电量消耗的Android平台恶意软件检测[J].清华大学学报(自然科学版),2017,57(1):44-49.
[10]	WEI Linfeng, LUO Weiqi, WENG Jian, et al. Machine Learning-Based Malicious Application Detection of Android[EB/OL]. , 2017-11-9.
[11]	CAI Zhibiao, PENG Xinguang.Detection of Android Malware Based on System Calls[J]. Computer Engineering and Design, 2013, 34(11): 3757-3761.
	蔡志标,彭新光.基于系统调用的Android恶意软件检测[J].计算机工程与设计,2013,34(11):3757-3761.
[12]	The State Council. National Development Document No. 32 of 2013[EB/OL]. , 2014-11-5.
	国务院.国发〔2013〕32号[EB/OL]. ,2014-11-5.
[13]	TalkingData Industry Data Research Center. application ranking active ranking[DB/OL]. , 2019-2-22.
	TalkingData行业数据研究中心.应用排行活跃排行[DB/OL]. ,2019-2-22.

编号	待测应用软件	APK中的序列号	合法序列号	合法性
1	酷狗音乐破解版	936eacbe07f201df	1300865289	非法
2	QQ6.5破解版	936eacbe07f201df	1270547297	非法
3	腾讯视频破解版	700236001	1282554655	非法
4	PP视频	1311229378	1311229378	合法
5	QQ同步助手	1284642258	1284642258	合法
6	Weixin_downcc	1295447972	1295447972	合法
7	Yymobile_client-7.6.2	1296027984	1296027984	合法

次数	运行时间/ms	平均值/ms
1	9342	9181
2	9317
3	8882
4	8748
5	9616

类型	平均检测时间/ms
影音娱乐	55
电商平台	59
学习工具	39

大小范围/10000 KB	平均检测时间/ms
[1,2]	53
[3,4]	52
[5,6]	50

方案描述	准确率
根据权限和恶意倾向之间的相关性,从权限特征选取、权限特征权重两方面改进朴素贝叶斯分类算法^[4]	≤88.98%
将权限和API特征相结合形成API-权限特征集合^[5]	≈90%
通过系统的三级修剪方法选取22种重要权限^[6]	≤91.97%
通过PPR算法量化特征权限之间的关系,构建特征权限矩阵^[7]	81.7%
改进RF算法简单投票原则,赋予决策树不同权重^[8]	98.1%
采用动态分析技术,利用朴素贝叶斯、J48和Android应用函数类型决策算法实现Androidetect检测系统^[9]	≤90%
采集应用程序运行时的系统调用名及其频数信息,通过远程服务器解析并对行为的正常性分类^[10]	≤97.7%
本文基于签名查验的方案	100%