Research On Key Technologies Of Malicious Behavior Detection For Mobile Applications

Posted on: 2020-09-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X L Wang
GTID: 1368330611493115
Subject: Computer Science and Technology

Abstract/Summary:
With the increasing popularity of mobile devices, a variety of mobile applications provide users with great convenience. The accompanying threats from mobile applications also expose users to various kinds of security risks, such as privacy theft, malicious deduction, extortion, etc. Faced with millions of mobile applications today, an important issue to consider is how to ensure the security of mobile applications; in particular, one wishes to detect whether an application contains malicious behavior. However, this is often very challenging.

On one hand, in order to resist the continuous development of automated analysis technology, attackers try to avoid automated analysis by applying various evasion technologies (such as anti-analysis), so as to hide and execute malicious behavior for as long as possible. These evasion technologies greatly increase the sophistication of malicious applications, making malicious behavior more hidden, and bring great challenges to current automatic analysis and detection methods for malicious applications. On the other hand, as malicious applications continue to develop, they usually disguise themselves as legitimate applications and achieve their malicious purposes by imitating normal application behavior, namely seemingly "benign" malicious behavior. As a result, more information is often needed to distinguish between malicious and benign behaviors in mobile applications, which poses another challenge to both the automated analysis and the manual analysis of potentially malicious applications.

Aiming at the above challenges, in this thesis we take Android applications as the research object and propose three automated methods that enhance the ability to detect malicious behavior in mobile applications by using a variety of program analysis techniques. Specifically:

(1) To address the limitation that privacy leak detection methods for mobile applications have difficulty justifying the reasonableness of a leak, we propose a method, named PrivacyContext, that justifies the reasonableness of a privacy leak in a mobile application based on program context. Given a privacy disclosure, PrivacyContext can extract the program context information of the process of this privacy disclosure and accurately justify its reasonableness through classification, which can help analysts quickly detect and focus on potentially malicious privacy leaks.

(2) To deal with the anti-analysis commonly used in mobile malicious applications, we propose an automated anti-analysis detection and taming method for mobile malicious applications, named Droid-AntiRM. Droid-AntiRM adopts symbolic data flow analysis to detect potential anti-analysis in malware and tames it through bytecode instrumentation, which can help dynamic analysis detect more hidden malicious behaviors.

(3) To further enhance the effectiveness and efficiency of current automated analysis methods, we propose a new hybrid analysis method for mobile applications, named DirectDroid. DirectDroid combines fuzzing and on-demand forced execution, and can bypass some complex condition checking in malware without solving large numbers of complex constraints, which can help trigger the hidden sensitive behavior in mobile malicious applications more efficiently.

Experimental results show that our proposed methods not only effectively improve malicious behavior detection for current mobile malicious applications, but also provide sufficient objective evidence for analysts' further manual analysis, which has strong research and practical value.

Keywords/Search Tags:Mobile Applications, Program Analysis, Malicious Behavior, Privacy Leak, Data Flow Analysis, Anti-Analysis, Dynamic Analysis, Fuzzing