Study On Android Platform Privilege Escalation Attack Protection Method

Android system with its open source characteristics, and soon became the highest market share of smart phone operating platform, but also attracted the attention of malicious attackers, security issues become increasingly prominent. Therefore, the research on the malicious behavior detection is very important. The traditional security protection method only for a single application form of protection, and can not have a good protective effect to the malicious application logic, such as privilege escalation attack.In view of the present situation of the research on Android security protection, this paper introduces the attack graph model to the Android security protection method. Using the attack graph, intuitively show the risk between the components of Android applications.Through the PageRank algorithm to quantify the risk value of each node, and proposed a new algorithm based on multi path and sensitivity MPageRank. MPageRank has made two improvements to PageRank:(1) Usually adopt multiple paths, and an improved algorithm based on multi path GPageRank is proposed. Compared with the PageRank algorithm to evenly distribute the weight, according to a GPageRank algorithm of node, non uniform of different proportion of weight, the risk value of the right distribution nodes in the attack graph is more targeted. (2) on the basis of GPageRank algorithm, the improved algorithm based on multi path and sensing MPageRank is proposed.Different levels of sensitivity are given to different levels, which can reduce the interference of the risk value and improve the accuracy and credibility of the risk value. The proposed power attack graph is the core of the Android authority to enhance the attack defense model. By calculating the risk value of the sequence among the components, the call sequence with a higher risk is intercepted.Finally, through the Genymotion Android virtual machine equipment, verify the effectiveness of the security model, and the accuracy rate, false positive rate and false negative rate as the evaluation criteria, to test the performance of the three algorithms. The experimental results show that the risk value, through the calculation of MPageRank in accuracy, the rate of false positives and non-response rates three aspects were superior to other algorithms. Can to give better protection to the Android permission to promote attack.