Research and Implementation of an Active Real-Time Detection Method for Android Ransomware
Published: 2018-08-29 15:11
[Abstract]: With the widespread adoption of smartphones and improvements in their performance, all kinds of personal information have gradually moved from the PC to the phone. The most popular smartphones today are Android phones, owing to their open-source platform and good interfaces. This openness has made the Android platform popular with major manufacturers and users, but it also brings huge security threats to the platform. Mobile ransomware is one of the most representative of these threats. This rogue software locks the screen or encrypts files so that users cannot access their own devices or files normally, and uses this as leverage to extort a fee for unlocking or decryption. To counter Android ransomware, this thesis proposes an active real-time detection method that can detect and eliminate the harm of ransomware's malicious behavior before the user loses control of the device or files. First, the thesis analyzes Android ransomware samples in detail and summarizes their features, finding that these malicious applications share the following characteristics: displaying a ransom message, locking the phone screen, and encrypting user files. Then, based on these characteristics, an active real-time detection method for Android ransomware is designed. The method is divided into three stages: application filtering, static feature analysis, and real-time monitoring of dynamic behavior. These three stages implement, respectively, application capture and filtering, detection of ransom text and screen-locking policies, and detection of encryption behavior. Finally, the thesis implements the active real-time detection method and, using 675 collected ransomware samples and 9238 benign applications, tests the system comprehensively through three experiments.
The test results show that the system has high accuracy and a low false-positive rate in detecting ransomware. The system also consumes few resources on mobile devices and is highly practical.
[Degree-granting institution]: Wuhan University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP316;TP309
Article ID: 2211586
Article link: http://lk138.cn/shoufeilunwen/xixikjs/2211586.html