An analysis technology of Android application behavior based on sensors (cited by: 2)
Abstract: Most research on malware identification is based on application program interface (API) calls, but most current API-based research does not consider the state of the device. The device state directly reflects the external environment in which a program runs, such as human operation or program automation, and it plays an important role in analyzing application behavior. This paper proposes a sensor-based application behavior recognition technology. First, the real-time state of the device is judged from sensor data. Second, an algorithm is designed to identify malicious application behavior using the multivariate time series data generated by combining the API call time series and the first-screen time series of the graphical user interface (GUI). Finally, a prototype malicious behavior analysis system is designed and implemented, comprising static instrumentation, dynamic behavior monitoring, and real-time sensor state collection. Typical cases were selected to verify the accuracy of the proposed method, and black-box testing was performed to verify the effectiveness of the malicious application identification method.

Authors: YANG Pin; RAN Tao; ZHANG Lei; LIU Yi (College of Cybersecurity, Sichuan University, Chengdu 610064, China)

Source: Journal of Sichuan University (Natural Science Edition), indexed in CAS, CSCD and PKU Core (北大核心), 2021, Issue 1, pp. 84-90 (7 pages)

Funding: National Key Research and Development Program of China (2017YFB0802900).

Keywords: Sensor; Application behavior; API call; Behavior analysis