Journal on Communications ›› 2018, Vol. 39 ›› Issue (6): 27-36. doi: 10.11959/j.issn.1000-436x.2018095

• Academic paper •

Android collusion attack detection model

Hongyu YANG, Zaiming WANG

  1. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
  • Revised: 2018-01-03 Online: 2018-06-01 Published: 2018-07-09
  • About the authors: Hongyu YANG (born 1969), male, from Changchun, Jilin; Ph.D., professor at Civil Aviation University of China; main research interests include network information security and mobile system security. | Zaiming WANG (born 1990), male, from Linyi, Shandong; master's student at Civil Aviation University of China; main research interest is mobile system security.
  • Supported by:
    The National Science and Technology Major Project (2012ZX0300200); The Science & Technology Project of CAAC (MHRD201009); The Science & Technology Project of CAAC (MHRD201205)

Abstract:

To address the poor efficiency and low accuracy of Android collusion attack detection, an Android collusion attack detection model based on component communication is proposed. First, features are extracted from known applications to generate feature vector sets. Second, the permission feature vector set is trained and classified to generate a security policy rule set. Then, a component communication finite state machine is generated from the component and communication mode feature vector sets, and the security policy rule set is optimized. Finally, the feature vector sets of the application under test are extracted to generate a new state machine, which is matched against the optimized security policy rule set to detect collusion attacks. The experimental results show that the proposed detection model has relatively good detection efficiency and relatively high accuracy.

Key words: Android security, collusion attack, component communication, security policy rule set, finite state machine

CLC number:
