欢迎访问中国科学院大学学报,今天是

中国科学院大学学报 ›› 2015, Vol. 32 ›› Issue (6): 807-815.DOI: 10.7523/j.issn.2095-6134.2015.06.013

• 计算机科学 • 上一篇    下一篇

基于有向信息流的Android隐私泄露类恶意应用检测方法

吴敬征1,2, 武延军1,2, 武志飞1, 杨牧天1, 罗天悦1, 王永吉2,3   

  1. 1. 中国科学院软件研究所总体部, 北京 100190;
    2. 中国科学院软件研究所计算机科学国家重点实验室, 北京 100190;
    3. 中国科学院软件研究所基础软件国家工程中心, 北京 100190
  • 收稿日期:2014-10-11 修回日期:2015-03-27 发布日期:2015-11-15
  • 通讯作者: 吴敬征
  • 基金资助:

    国家自然科学基金(61303057,61170072)和核高基国家科技重大专项(2012ZX01039-004)资助

An Android privacy leakage malicious application detection approach based on directed information flow

WU Jingzheng1,2, WU Yanjun1,2, WU Zhifei1, YANG Mutian1, LUO Tianyue1, WANG Yongji2,3   

  1. 1. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
    2. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
    3. National Engineering Research Center for Foundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
  • Received:2014-10-11 Revised:2015-03-27 Published:2015-11-15

摘要:

Android系统占据智能移动终端市场81.9%的份额,预计还会持续增长.同时,针对Android系统的恶意应用日益增多,Android恶意应用程序检测技术已经成为安全领域研究的热点问题.本文提出一种基于有向信息流的针对Android隐私泄漏类恶意应用的检测方法.该方法首先反编译应用程序,分析配置文件中的权限申明;基于隐私点数据集构建隐私数据有向信息流模型;通过在信息流模型中对隐私点的跟踪分析,检测隐私数据是否被发送出去而导致信息泄漏.该方法在对Android第三方市场的7 985个应用程序检测中,发现357个恶意应用.通过实验方式验证了检测结果的准确性.结果表明该方法对Android隐私泄露类恶意应用具有很好的检测效果.

关键词: Android应用, 隐私泄露, 有向信息流, 恶意应用检测, 反编译

Abstract:

Android devices occupy 81.9% of the total smart phone market. However, the malicious applications of Android system are increasing, and the detection technology has become the hot topic in security research. We propose a new Android detection approach of privacy leakage malicious application based on directed information flow. This approach first decompiles the application and analyzes the permissions. Then, it builds directed information flow model according to the privacy points. By tracking the flows of the points, the information flows are monitored and the privacy leakages are detected. We tested 7 985 applications and detected 357 privacy leakage ones. We analyzed one of the results and confirmed that it was indeed a privacy leakge appliction. The results show that this new approach has good detection capacity.

Key words: Android applicaiton, pricacy leakage, directed infromation flow, malicious application detectoin, decompile

中图分类号: