
Research On The Detection And Protection Technology Of Mobile Applications

Posted on: 2015-04-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Dong
Full Text: PDF
GTID: 1228330467963655
Subject: Information security

Abstract/Summary:
With the rapid development of broadband wireless access technology and mobile terminals, people hope to obtain information and services on the Internet easily, at any time and in any place, even while on the move, and so the mobile Internet has developed quickly in recent years. The mobile Internet is a kind of business service through which people access data and services over mobile wireless communication on smartphones. As the computing ability of intelligent mobile terminals gradually improves, the sophisticated functions of smartphones bring an increasing number of mobile operating system problems and related security events. Malicious programs spread faster on smartphones as the mobile Internet develops. Such malicious applications are usually used to steal private information or to illegally order value-added services on behalf of smartphone users, causing them direct economic losses. Under such adverse circumstances for mobile application security, neglecting safety will have serious consequences.

Malicious mobile applications have become one of the key factors threatening the development of the mobile Internet. To protect the vital interests of mobile terminal users and the healthy development of the mobile Internet industry, malicious mobile applications must be effectively prevented and controlled. However, mobile Internet security differs greatly from the traditional Internet security environment. Smartphones have characteristics such as mobility and privacy, which means that traditional software security analysis and protection methods cannot provide effective support for the mobile platform. The study of software security analysis and protection technology for the mobile platform is therefore of great significance. This paper summarizes recent achievements in mobile Internet application security and analyzes the limitations of current technology in view of the threats and challenges facing mobile application security.
According to different situations, this paper puts forward core issues such as a static behavioral analysis method for mobile application security, a dynamic behavior sequence analysis model for mobile applications, and a mobile application security protection framework. A mobile application security service platform was established to carry out a large number of experiments verifying the proposed scheme. The major work and contributions of this paper can be summarized as follows:

1. An instruction-sequence-based method for discriminating malicious code family birthmarks is proposed. The method targets the analysis of mobile application characteristics, especially signature extraction for Android malicious applications. Based on statistics of the instruction distribution across a large number of applications, it simplifies and optimizes the 218 instructions of the Dalvik instruction set into an intermediate language, SDIL (Simple-Dalvik Intermediate Language). With SDIL, the instruction characteristics of a mobile application can be extracted easily while the semantics and control relationships of the source code are maintained. Working on this concise SDIL instruction set, an improved MOSS (Measure Of Software Similarity) algorithm is used to analyze samples from different malicious mobile application families. The features common to a malicious family are extracted and the normal ones removed. These features serve as the characteristic codes of the family and are used to build a library of malicious family characteristics. Experiments proved that this method can find both known and unknown samples of malicious families quickly and effectively.

2. Because malicious coders always hide malicious code in deep execution paths that are triggered only under certain conditions, this paper symbolically describes instruction semantics based on SDIL and shows the working mechanism and control dependencies.
Sensitive calls and changes in both control flow and data flow are also traced, so that malicious code on deep execution paths can be found. Meanwhile, to calculate and verify the trigger conditions of such background malicious behavior and the specific parameters of sensitive calls, this paper draws on symbolic execution on top of flow tracing and applies constraint solving to the execution paths containing sensitive calls, according to the SDIL semantic description. During flow tracing and symbolic computation, the analysis path is optimized according to the control flow features of malicious code. The path explosion problem of symbolic execution is thereby eased, background behaviors with trigger conditions can finally be solved, and the whole execution process of the background behavior is shown. Experiments showed that this method can effectively analyze the background behaviors of mobile applications and can discover unknown malicious mobile applications that traditional feature detection methods cannot find.

3. To solve the problem of analyzing and classifying mobile application behavior sequences, this paper starts from the idea of anomaly detection in traditional intrusion detection. The Hidden Markov Model (HMM) from machine learning and the Support Vector Machine (SVM) are combined to build a model. The proposed HMMs-SVM based application behavior classification method takes dynamic behavior sequences as its key features and builds models for behaviors such as network access, data reads and hardware resource access. The model takes the advantages of both HMM and SVM while overcoming their shortcomings, and is suitable for behavior classification once the continuous dynamic behavior feature sequences have been extracted. With this model, abnormal behaviors during application execution can be found actively and in time, so as to discover unknown applications with modeled behavior or variants of modeled programs.
Experiments showed that this method has high accuracy, can effectively capture abnormal behaviors in applications, and can further categorize applications according to the type of damage.

4. Mobile applications face a variety of security issues, especially Android applications, which are easily tampered with and repackaged. In order to save developers' investment in software security, this paper proposes a software protection framework suited to the mobile platform and based on traditional software protection technology. The framework provides a custom application loader for the Android system, developed by reverse analysis of the system source code. This loader can be released at runtime and loads data into memory, preventing an attacker from obtaining the protected data. At the same time, given the limited computing and storage resources of smartphones, the white-box AES algorithm is introduced to solve the problem of protecting the secret key during encryption and decryption, thus improving the efficiency of encryption and decryption operations. The proposed framework solves the problem that traditional software protection technology and signature-based application protection can be easily bypassed on the mobile platform. By combining obfuscation algorithms with traditional protection methods such as anti-debugging and verification, the difficulty of analyzing the protected data is increased, and mobile applications can be effectively protected from tampering.
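The family birthmark idea from contribution 1 (features common to a family, with the normal ones removed) is illustrated by the following added example, which is not code from the dissertation. It assumes plain winnowing, the fingerprinting scheme behind MOSS, rather than the improved variant, and a hypothetical opcode normalizer standing in for SDIL. All opcode sequences and the names `LOGGING`, `PAYLOAD`, `FAMILY`, `BENIGN`, `VARIANT` and `CLEAN_APP` are constructed.

```python
import hashlib
import re

K, W = 4, 3  # k-gram length and winnowing window (constructed values)

def normalize(opcodes):
    """Collapse Dalvik opcode variants to a coarse class (stand-in for SDIL)."""
    return [re.split(r"[-/]", op)[0] for op in opcodes]

def winnow(tokens, k=K, w=W):
    """Hash every k-gram and keep the minimum hash of each window of w hashes."""
    grams = [" ".join(tokens[i:i + k]) for i in range(len(tokens) - k + 1)]
    hashes = [int.from_bytes(hashlib.sha1(g.encode()).digest()[:8], "big")
              for g in grams]
    return {min(hashes[i:i + w]) for i in range(max(1, len(hashes) - w + 1))
            if hashes}

def fingerprints(app):
    """An app is a list of methods; each method is a list of Dalvik opcodes."""
    return set().union(*(winnow(normalize(m)) for m in app))

def family_birthmark(family, benign):
    """Fingerprints shared by every family sample, minus those seen in benign apps."""
    common = set.intersection(*(fingerprints(a) for a in family))
    return common - set().union(*(fingerprints(a) for a in benign))

def score(app, birthmark):
    """Fraction of the birthmark that is present in the app."""
    return len(fingerprints(app) & birthmark) / len(birthmark) if birthmark else 0.0

# Constructed sample data: opcode sequences invented for this example.
LOGGING = ["const-string", "const-string", "invoke-static", "move-result", "return-void"]
PAYLOAD = ["invoke-static", "move-result-object", "const-string", "const-string",
           "const/4", "invoke-virtual", "if-eqz", "invoke-virtual", "goto"]
FAMILY = [
    [LOGGING, ["new-instance", "invoke-direct"] + PAYLOAD + ["return-void"]],
    [["iget-object", "check-cast"] + PAYLOAD + ["sput-object", "return-void"], LOGGING],
]
BENIGN = [[LOGGING, ["iget-object", "invoke-virtual", "move-result", "if-eqz", "return-void"]]]
VARIANT = [["sget-object", "if-nez"] + PAYLOAD + ["return-void"]]
CLEAN_APP = [LOGGING, ["new-instance", "invoke-direct", "iput-object", "return-void"]]

if __name__ == "__main__":
    bm = family_birthmark(FAMILY, BENIGN)
    print("birthmark size:", len(bm))
    print("unseen variant score:", score(VARIANT, bm))
    print("clean app score:", score(CLEAN_APP, bm))
```

Passing an empty benign list to `family_birthmark` leaves the shared `LOGGING` method in the birthmark, so the clean app then scores above zero; this is the false positive that removing normal features avoids.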
Keywords/Search Tags: Mobile Internet, Software Protection, Malware Analysis, Formal Description