| With the rapid development of the mobile network,the sensor network and the internet of things,and moreover,the BYOD(Bring Your Own Device)office mode becoming more and more popular,the Android Apps installed on the mobile devices and intelligent terminal are widely used in the areas of national economy and people's livelihood,involving financial,taxation,industry and commerce,transportation,power,social networking,communications,and many other industries.How to guarantee the security of the Android Apps has become an important problem in the development of mobile network and the Internet of things.The security for the current mobile network fields is a concern,and constructing a model to analyze and detect software behaviors is an effective solution.However,the traditional security methods and technologies cannot be directly applied because of the dynamic characteristics of the mobile terminal,borderless,processing ability and the inherent characteristics such as limited capacity.Moreover,in order to improve the concurrent execution performance,the Android Apps widely used multithreading and inter-component communication,and that introduced a large number of uncertainties and security issues.The existing behavior modeling and detection techniques have some problems,such as how to accurately describe the interaction and concurrent characteristics and how to reduce the complexity of modeling.To address these problems,the main researches are as follows.Firstly,a software behavior formalization description and mapping mechanism based on the PiDroid process algebra is proposed,to solve the problem that the existing models cannot effectively describe the interaction and concurrent behavior characteristics for the Android Apps.Using the reverse analysis and code optimization techniques,the behavior characteristics are extracted by control flow and data flow analysis.The PiDroid for Android Apps behavior modeling characteristics are constructed by extending the Pi calculus,and on the basis of Pi Droid syntax semantic and process equivalence,the extracted behavior characteristics are formalized mapping,the corresponding relationship between software behaviors and semantic of PiDroid process algebra are constructed.That lay the software behavior formalization foundation.Secondly,a concurrent behavior analysis and detection method is proposed,to solve the problem that the existing behavior detection models cannot effectively describe and detect the concurrent behaviors introduced by multi-threaded,event-driven and asynchronous dispatch in the Android Apps.The concurrent behavior mapping method is given,and the concurrent characteristics such as time-series,interaction,synchronization and mutex in the applications are formally described.The concurrent behavior calculus and transition rules are constructed,and the behavior detection algorithm is proposed by discussing concurrent behavior detection methods and steps according to these rules.The accuracy and efficiency of model is verified through theoretical analysis and experimental.Thirdly,an Android Apps inter-component communication behavior analysis and detection method is proposed through discussing deeply into the interactive problem introduced by the Android Apps inter-component communication mechanism.Through the analysis of data flow graph and data fact,the data dependency relationship is got.And tracking the control flow and data flow across component-boundaries,the inter-component communication model are constructed and formally mapped.Based on the model,the runtime sensitive path trigger algorithm is given,and the component hijacking attacks are detected by analyzing the Intent anomaly.Theoretical analysis and experiment demonstrates the effectiveness of the method.Finally,a uniform behavior detection model is constructed.The overall framework of the model,the behavior modeling and detection steps are given.Expanded application methods of the behavior detection model are illustrated by analyzing the case of privilege escalation attacks and discussing coping strategy. |
PDF Full Text Request