基于权限的Android恶意程序预过滤方法研究
本课题以Android系统权限机制为中心,以对应用程序的权限分析为切入点,设计并实现了一个Android恶意程序预过滤方法。本文的主要研究内容有:
(1)分析并研究了Android系统权限模型,并在此基础上针对恶意程序样本的权限集合进行了剖析,完成了对Android敏感权限集合的标识与定义;
(2)设计并实现了一个基于Android平台的敏感权限预过滤系统原型,能够通过对应用程序的权限分析,确定其所申请的敏感权限与敏感权限组合,实现了基于Android应用和基于特定敏感权限的权限预过滤功能;
(3)对所实现的敏感权限预过滤系统原型进行了实验验证,实验结果表明,系统能够根据预定义的敏感权限集合,有效地检测Android apk所申请并使用的敏感权限组合,对用户识别Android应用的风险具有较好的参考作用。
关键词 Android 恶意程序 敏感权限 预过滤
毕业设计说明书(毕业论文)外文摘要
Title The prefilter of Android malware based on permissions
Abstract
Android is a kind of free and open source code based on Linux operating system, due to the structure characteristic of the open system characteristic and malicious attacker to attacks on system, stealing and leak users' personal information.
This topic with Android system permissions mechanism as the center, with permissions on the analysis of the application as the breakthrough point, designs and realizes an Android malware prefiltering method.. In this paper, the main research contents are as follows:
(1)Analysis and research the Android permission model, and on this basis for malware samples, analyzes the privilege set of completed identification and definition of sensitive to Android privilege set.
(2)Designed and implemented a sensitive privileges pre filtering system based on Android platform prototype, through analyzing the application permissions, determine its portfolio for sensitive sensitive privileges and permissions.
(3)Sensitive to implement the permissions filtration system prototype experimental verification, the experimental results show that the system can according to the privilege set of predefined, effectively detect Android apk application and use of sensitive permissions combination, for the user to identify the risk of the Android has a good reference.
Keywords Android malware sensitive permission Pre-filter
目 录 I
1 引言 1
1.1 论文研究背景及意义 1
1.2 国内外研究现状 2
1.3 论文的研究内容 2
1.4 论文的组织结构 3
2 Android系统及其安全机制 4
2.1 Android系统概述 4
2.1.1 Android系统发展历程 4
2.1.2 Android系统结构 5
2.1.3 Android系统开发环境 7
2.2 Android系统安全机制分析 8
2.2.1 基于权限的安全机制 8
2.2.2 基于沙箱的安全机制 10
2.2.3 数字签名安全机制 11
2.3 Android权限模型分析 11
2.3.1 Manifest.xml文件概述 12