Research On Security Checking On Mobile Intelligent Terminal Applications

As the vigorous development of mobile Internet,the mobile intelligent terminal devices are widely used in people's daily life.More and more malicious hackers take the mobile platform as attack target.Android operation system allows users to install applications from official application stores or other application markets.Decentralized application distribution channels and imperfect security mechanisms may cause security problems on Android platforms.A variety of attack means exploit malicious applications to lunch attacks.The security of Android applications should be in-depth study.This dissertation focuses on the Android application security and protection,and studies a number of security issues for Android applications.First of all,the extensive usage of third-party libraries provides a variety of advanced features to promote the rapid development of applications,while brings a security risk to users.Malicious application developers can forge and inject malicious code into third-party libraries.Due to the widespread usage of code protection techniques such as code obfuscation,it is difficult to detect abnormal third-party libraries.In this dissertation,we observed that libraries are widely used in applications.We proposed a method that combines name-based and feature-based library detection method to discover library instances.In addition,we treat every class file as a term in a third-party library,and then we propose a method based on frequent pattern outlier factor to analyze the protential abnormal libraries.Secondly,as the functions of applications become more and more complex,the number of permissions required by applications is gradually increasing.It is difficult to efficiently distinguish between malicious and normal applications by leveraging permissions.To improve accuracy of machine learing based malware detection methods,not only application permissions but also other vector features should be used in malware dectction.Comparing with benign applications,malicious applications not only request dangerous Android permissions,but also monitor many system event messages.Malicious applications leverage system events to tigger their malicious components.In this dissertation,we used experiments to find the differences between benign applications and malicious applications.In additional,we used two machine learning methods and three feature vector sets to detect malicious applications.Our experimental results show that taking permissions and events as feature vectors can effectively improve the accuracy of machine learning based malware detection.Thirdly,as a smartphone is a privacy-intensive device,various applications have been found using privacy information.Although several tools were developed to discovery privacy leakage in Android applications,they cannot explain why an application needs privacy information.It needs an automatic method to decide which applications are eligible to using privacy information.This dissertation presents a case-based reasoning approach to analyzing privacy problems with applications.We designed a privacy case reasoning engine.It can analyze the legitimacy of the privacy usage,and effectively identify the potential malicious privacy disclosure in applications.Finally,users usually install multiple applications on the smart devices.Applications can provide services to users not only through a single application,but also through collaboration between multiple applications.However,malicious applications can use this feature to initiate privilege escalation attacks.Therefore,we need to analyze the security issue of multi-application coexistence.In this dissertation,we leverage frequent pattern mining to discover application usage pattern.The pattern indicates that users likely to install applications on the same device at the same time.Inter-application communication is used to effective filter interesting application usage patterns.We analyze the risk of multi-application coexistence and introduce the knapsack problem solving the problem.We propose a reasonable way to solve security of the multiple applications coexistence by finding reasonable security isolation methods.