Several Key Issues Of Security Analysis Of Intelligent Terminal Application

Posted on: 2020-06-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: P B Feng
Full Text: PDF
GTID: 1368330602950169
Subject: Computer system architecture
Abstract/Summary:
As more and more tasks are processed on smartphones, more and more private data is stored on them. This private data includes bank card information, contact information, schedules, browsing history and emails. Currently, the Android operating system holds the highest market share among smartphones. Developers leverage the openness and scalability of the Android platform to release millions of applications in different application markets to meet user needs. At the same time, the sensitive data stored in smartphones attracts a large number of malicious attacks. In recent years, Android malware has been growing rapidly and becoming more and more sophisticated, which greatly challenges the rights of Android users. Typical security threats include privacy leakage, financial charge, remote control, repackaging, privilege escalation and component hijacking.

Based on an in-depth study of existing Android security research, this thesis finds critical security flaws in the current information flow security analysis methods and malware detection methods for Android applications. First, existing information flow analysis methods can hardly distinguish malicious privacy collection from benign use of sensitive data, which affects the accuracy of malicious privacy leakage detection. Second, existing machine learning-based malware detection methods train detection models from known benign and malicious applications, and thus cannot effectively identify new types of malware whose behavior is very different from known malicious behavior. Third, Android malware is becoming more and more sophisticated and widely adopts code obfuscation techniques such as bytecode encryption, reflection and dynamic loading, which render existing static analysis methods ineffective, so malware detection methods based on dynamic behavior need to be researched.

To solve the above problems, this thesis proposes an abnormal information leakage behavior detection method based on sensitive data propagation paths, a new malware identification method based on critical data flows, and a dynamic malware detection method based on a Stacking model. The main research contributions are as follows:

(1) To address the inability of existing information flow analysis methods to distinguish malicious privacy collection from benign use of sensitive data, this thesis proposes an abnormal information leakage behavior detection method based on sensitive data propagation paths. The method uses abnormal information leakage behavior detection to detect privacy collection behavior in malware. Through analysis and comparison, this thesis finds and verifies that the frequency difference of sensitive data propagation paths between benign applications and malware is universal, and then proposes an algorithm, RValueCal, based on this frequency difference. The algorithm automatically calculates a risk weight for each sensitive data propagation path, and these weights can be used to guide the identification of abnormal information leakage behavior in malware. This thesis is the first to discover that the frequencies of sensitive data propagation paths can affect the accuracy of malware detection. The experimental results show that the RValueCal algorithm increases the difference between malicious and benign applications, and improves the malware detection accuracy of MudFlow by 6.54%.

(2) To address the problem that the existing mainstream machine learning-based malware detection methods train detection models from known benign and malicious applications, and so cannot effectively identify new types of malware whose behavior is very different from known malicious behavior, this thesis proposes a new malware identification method based on critical data flows. The method uses an anomaly detection algorithm to train the detection model from the sensitive data flows of benign applications, so that novel malware can be identified by its abnormal data flows. This thesis finds that sensitive data flows are unevenly distributed across benign and malicious applications and, based on this distribution difference, proposes a feature selection algorithm, CFlowSel, to select critical data flows. The experimental results show that the CFlowSel algorithm outperforms the existing feature selection algorithms Mutual Information and Chi-Square, and that the malware detection rate of MudFlow is increased by 9.07%.

(3) To address the problem that Android malware is becoming more and more sophisticated and widely adopts code obfuscation techniques such as bytecode encryption, reflection and dynamic loading, which render existing static analysis methods ineffective, this thesis proposes EnDroid, a dynamic malware detection method based on ensemble learning. The method implements fine-grained dynamic analysis to accurately characterize application behavior, and alleviates the threat of code obfuscation techniques. The dynamic analysis covers system call traces and common application-level malicious behaviors such as privacy theft, system event monitoring, financial charge, code encryption and dynamic loading. EnDroid uses feature selection algorithms to remove redundant or irrelevant features and extract critical behavior features; in addition, these critical features contribute to the identification of risky behaviors in actual applications. Based on existing ensemble learning algorithms, EnDroid designs a Stacking model that uses a meta-classifier to combine different types of base classifiers according to their performance differences, and thereby improves the generalization ability of existing models. The experimental results show that EnDroid achieves a 97.61% malware detection rate and a 94.50% malware family classification accuracy rate, and that its detection accuracy is 5.33% higher than that of the existing dynamic detection method Maline.
Keywords/Search Tags:Android Application Security, Dynamic Analysis, Information Flow Analysis, Android Malware Detection, Ensemble Learning, Anomaly Detection