使用敏感路径识别方法分析安卓应用安全性

摘要

Android system dominates the mobile operating systems at present.Compared with iOS system,Android system is more open and has lots of third-party markets with loose audit mechanism.Therefore,there are more malwares in Android platform.In this paper,an Android security analysis based on sensitive path identification,which includes the static analysis and machine learning methods,is presented.Firstly,since malicious behaviors in malwares have their trigger conditions,the definition of sensitive path is provided.Secondly,a method is proposed to generate the inter-component call graph based on APK files base in the fact that there are a lot of inter-component call relations in Android applications.Thirdly,since the sensitive paths cannot be directly used as features,a method is designed to abstract the sensitive paths.Finally,493 applications APK files are collected from Android markets and the existing data sets,such as Google Play,Wandoujia and Drebin,to construct a benchmark.Experiments indicate that the proposed method has higher accuracy (97.97％) than the method based on API-feature (90.47％),and its precision,recall and F-measure are also better than API-feature method.Furthermore,the scale of the APK file has influence to the experiment results,especially in analyzing time (when the APK files are within 0-4MB,the average analyzing time is 89 seconds;and when the files become larger,the time increases significantly).%安卓系统在手机端操作系统中长期占据主导地位,但由于安卓系统开放共享的特性和不够严谨的第三方市场审核机制,安卓平台受到众多恶意应用的侵扰.结合静态程序分析和机器学习方法,提出了基于敏感路径识别的安卓应用安全性分析方法.首先,针对恶意应用中存在的恶意行为以及触发条件,定义了敏感路径;其次,针对安卓应用中存在大量组件间函数调用关系问题,提出了一种生成应用组件间函数调用关系图的方法;再次,由于提取出的敏感路径信息无法直接作为识别特征,实现了一种基于敏感路径信息抽象的特征提取方法;最后,从Google Play、豌豆荚、Drebin等来源收集了493个应用APK文件作为实验数据集,该方法的准确率为97.97％,高于基于API-Feature 的检测方法(90.47％).此外,在恶意应用和良性应用检测的精度、召回率、F度量等方面,该方法均优于API-Feature 方法.另外,实验结果表明:APK文件大小会影响实验的结果,尤其体现在分析时间上(0～4MB大小的APK平均分析用时89s;文件增大后,平均分析用时增长明显).