- 2017
A Semantics-Based Static Analysis Method for Android Sensitive Behavior
Abstract:
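This paper proposes a semantics-based static analysis method for sensitive behavior in Android applications. Based on sample statistics, the method first uses a reduced Dalvik instruction set as the intermediate language for the analysis and gives a formal semantic description at the instruction level. It then uses the intermediate language to find sensitive calls in the samples under test and traces the call paths back through control dependence relations. Finally, building on control-flow analysis, it applies constraint solving to the path conditions of the paths that contain sensitive calls. The result is the concrete background behavior and its trigger conditions, which reveals the full execution process of the sample's background behavior. The method mitigates the path explosion problem in symbolic execution. Experiments verify that the method can effectively analyze the background behavior of mobile applications and promptly identify unknown mobile malware that signature-based detection cannot find.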