Android应用日益流行,但是Android广告库存在收集用户敏感信息(如IMEI等)并通过网络发送的行为.因此,提出了使用基于HTTP数据包目的和内容距离的层次化聚类算法的检测方法来检测敏感信息的泄露.该方法首先对HTTP数据包的目的和内容距离进行聚类,随后从聚类的结果中生成特征签名,并使用这些特征签名来检测是否存在敏感信息泄露.实验表明提出的检测方法可以检测到95%的敏感信息泄露,并只有2.7%的漏判率和2.3%的误判率.%Android applications become popular,but its advertisement libraries can collect a user's sensitive information (e.g.,IMEI) and transmit it across the network.Therefore,this paper proposed a clustering method based on the HTTP packet destination and content distances to detect sensitive information leakage from Android apps.This method first clustered destination and content distance of HTTP packets.Then,it generated signatures from clustering results and used them to detect sensitive information leakage.In the experiment,this approach accurately detectes 95 % of the sensitive information leakage and produces 2.7% false negative results,and 2.3% false positive results.
展开▼
