In order to restrict the behaviors of applications, a permission system is designed in Android system. However, for the permissions granted by the users, applications will no longer be restricted and can use these permissions at will, which may cause the potential permission abuse attacks. To detect the permission abuse behaviors of applications, an association analysis based detection method was proposed. This method dynamically detects sensitive behaviors of applications and operations of users, then calculates the degree of association between them. Detection result will be obtained through comparing the differences between detected applications and benign applications. A prototype system named DroidDect was designed and implemented based on the above method. The experimental results show that permission abuse behaviors in Android applications can be effectively detected by DroidDect with advantages including low system overhead.%为了限制应用软件的行为,Android系统设计了权限机制.然而对于用户授予的权限,Android应用软件却可以不受权限机制的约束,任意使用这些权限,造成潜在的权限滥用攻击.为检测应用是否存在权限滥用行为,提出了一种基于关联分析的检测方法.该方法动态检测应用的敏感行为与用户的操作,并获得两者的关联程度.通过比较待检测应用与良性应用的关联程度的差别,得到检测结果.基于上述方法,设计并实现了一个原型系统DroidDect.实验结果表明,DroidDect可以有效检测出Android应用的权限滥用行为,并具有系统额外开销低等优点.
展开▼
