Android应用威胁等级评估技术的设计与实现

信息安全研究 ›› 2021, Vol. 7 ›› Issue (1): 27-36.

Android应用威胁等级评估技术的设计与实现

刘林¹,刘亮²,张磊³,吴润浦⁴

1. 四川大学
2. 四川大学网络空间学院
3. 四川大学网络空间安全学院
4. 中国信息安全测评中心

收稿日期:2021-01-10 出版日期:2021-01-05 发布日期:2021-01-10
通讯作者: 刘林
作者简介:刘林硕士研究生，主要研究方向为恶意代码检测、信息安全． withliulin@qq.com 刘亮博士研究生，高级工程师，主要研究方向为漏洞挖掘、恶意代码检测． 59154092@qq.com. 张磊工学博士，助理研究员，主要研究方向为操作系统安全、恶意代码检测．zhanglei2018@scu.edu.cn 吴润浦硕士，副研究员，主要研究方向为网络安全、恶意代码分析．wurp@itsec.gov.cn

Design and Implementation of Threat Level Decision Rules for Android Applications

Received:2021-01-10 Online:2021-01-05 Published:2021-01-10

摘要/Abstract

摘要： 针对Android平台恶意软件日益泛滥的问题，本文提出一种Android应用威胁等级评估技术，包括特征构建和威胁等级评估规则设计2部分．本文首先利用静态分析和动态分析技术，提取出Android应用APK文件的权限、行为、漏洞特征，利用信息增益算法筛选后构建特征库，再基于朴素贝叶斯模型设计函数，通过定义有单调性、典型性、直观性的函数，最终实现对APK文件权限和行为特征的打分；漏洞方面的评估则是先根据等级划分指南划分威胁等级，通过反编译APK文件获取源代码后，对代码进行逐行读取搜索匹配漏洞，再根据漏洞对应威胁等级来对APK文件进行威胁等级评估．实验结果表明，本文能根据计算所得分数划分应用的威胁等级，更为直观明了，也能更为有效地对Android应用进行威胁等级评估．

关键词: 安卓, 恶意软件, 特征分析, 威胁评分, 等级评估

Abstract: Aiming at the problem of the increasing proliferation of malware on Android platform, this paper proposes a threat level assessment technology for Android applications, which includes two parts: feature construction and threat level evaluation rule design. In this paper, firstly, we use static analysis and dynamic analysis technology to extract the permission, behavior and vulnerability characteristics of Android application APK file, and then use information gain algorithm to filter and build a feature library. Then, we design functions based on Naive Bayesian model. By defining monotonous, typical and intuitive functions, we can finally score the permissions and behavior characteristics of APK files The assessment is to divide the threat level according to the grading guidelines, and then extract the source code by decompiling the APK file, then read the code line by line to search for the matching vulnerabilities, and then evaluate the threat level of the APK file according to the corresponding threat level of the vulnerability. The experimental results show that this paper can divide the application threat level according to the calculated score, which is more intuitive and clear, and can evaluate the Android application threat level more effectively.

Key words: Android, malware, feature analysis, threat score, grade assessment

刘林刘亮张磊吴润浦. Android应用威胁等级评估技术的设计与实现 [J]. 信息安全研究, 2021, 7(1): 27-36.

参考文献

[1] 360 Security Response Center. Android malware report in 2019[OL]. (2020-03-03)[2020-05-11]. https://cert.360.cn/report/detail?id=0d66c8ba239680d6674f2dba9f2be5f7 2020,3,3 [2] McLaughlin N, Martinez del Rincon J, Kang B J, et al. Deep android malware detection[C]//Proc of the 7th ACM on Conf on Data and Application Security and Privacy. New York:ACM,2017: 301-308 [3] 高杨晨,方勇,刘亮等. 基于卷积神经网络的Android恶意软件检测技术研究 [J]. 四川大学学报: 自然科学版, 2020, 57: 673-680 [4] Sanz B, Santos I, Laorden C, et al. MAMA: Manifest analysis for malware detection in android[J]. Cybernetics and Systems, 2013, 44(6/7): 469-488 [5] Fang Y, Gao Y, Jing F, et al. Android malware familial classification based on DEX file section features[J]. IEEE Access, 2020, 8: 10614-10627 [6] Sarma B P, Li N, Gates C, et al. Android permissions: A perspective combining risks and benefits[C]//Proc of the 17th ACM Symp on Access Control Models and Technologies. New York:ACM,2012: 13-22 [7] Liang S, Du X. Permission-combination-based scheme for android mobile malware detection[C]//Proc of IEEE Int Conf on Communications (ICC).Piscataway, NJ: IEEE, 2014: 2301-2306 [8] Barrera D, Kayacik H G, Van Oorschot P C, et al. A methodology for empirical analysis of permission-based security models and its application to android[C]//Proc of the 17th ACM Conf on Computer and Communications Security. New York: ACM, 2010: 73-84 [9] Enck W, Gilbert P, Han S, et al. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems (TOCS), 2014, 32(2): 5 [10] Kapratwar A, Di Troia F, Stamp M. Static and dynamic analysis of android malware[C]//Proc of ICISSP. 2017: 653-662 [11] Singh L, Hofmann M. Dynamic behavior analysis of android applications for malware detection[C]//Proc of Int Conf on Intelligent Communication and Computational Techniques (ICCT). Piscataway, NJ:IEEE, 2017: 1-7 [12] Zhou Y, Jiang X. Dissecting android malware: Characterization and evolution[C]//Proc of IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2012: 95-109 [13] Peng H, Gates C, Sarma B, et al. Using probabilistic generative models for ranking risks of android apps[C]//Proc of ACM Conf on Computer and Communications Security. New York: ACM, 2012: 241-252 [14] 李永锋. 基于敏感API数据依赖的Android恶意软件检测研究[D].南京：南京大学,2016 [15] 黄心依,曾凡平.基于多重对应分析的Android应用安全等级评估[J].电子技术,2016,45(8):72-78 [16] Li L, Bissyandé T F, Papadakis M, et al. Static analysis of android apps: A systematic literature review[J]. Information and Software Technology, 2017, 88: 67-95 [17] Feng Y, Anand S, Dillig I, et al. Apposcopy: Semantics-based detection of android malware through static analysis[C]//Proc of the 22nd ACM SIGSOFT Int Symp on Foundations of Software Engineering. New York: ACM, 2014: 576-587 [18] Bhatia T, Kaushal R. Malware detection in android based on dynamic analysis[C]//Proc of Int Conf on Cyber Security And Protection Of Digital Services (Cyber Security).Piscataway, NJ: IEEE, 2017: 1-6 [19] Kakisim A G, Nar M, Carkaci N, et al. Analysis and evaluation of dynamic feature-based malware detection methods[C]//Proc of Int Conf on Security for Information Technology and Communications. Cham:Springer, 2018: 247-258 [20] Damodaran A, Di Troia F, Visaggio C A, et al. A comparison of static, dynamic, and hybrid analysis for malware detection[J]. Journal of Computer Virology and Hacking Techniques, 2017, 13(1): 1-12 [21] Lowd D, Domingos P. Naive Bayes models for probability estimation[C]//Proc of the 22nd Int Conf on Machine Learning. 2005: 529-536 [22] 刘庆和，梁正友．一种基于信息增益的特征优化选择方法[J]．计算机工程与应用，2011,47(12):130-132