| With the popularity of mobile Internet,mobile devices play a vital role in peo-ple's daily activities.As the most popular operating system in mobile devices market,Android has become the main target of mobile malicious attacks,which leads to the proliferation of malicious behaviors in Android environment.Among all malicious be-haviors,privacy disclosure is the most common because of its huge economic benefits.Malicious applications will steal users' privacy data covertly and sell them to third par-ties for profit,resulting in huge loss of users' interests.Redundant network transmission is another common malicious behavior.Malicious applications can forge network trans-mission to ensure the activity of their own processes,or utilize the network to transmit secret data to disclose privacy.This kind of redundant network transmission can not provide meaningful services for users,on the contrary,it increases the consumption of equipment power and mobile traffic,and may even reveal users' privacy.The detection granularity of existing research on these two kinds of malicious behaviors is still rela-tively coarse,and it is difficult to identify such malicious behaviors accurately.In view of the above problems and challenges,the following research work has been carried out in this paper:1.Detection of privacy leaks in Android applications.We analyzed the behavioral patterns of privacy disclosure,and found that besides the context information of sensitive data stream starting and ending function pro-posed by traditional methods,the context information such as trigger condition,entry point function,intent and UI control of privacy disclosure behavior is also distinct from normal data usage.For example,in order to avoid detection,pri-vacy disclosure may use rare trigger conditions and entry point functions.This paper proposes a privacy leak detection scheme based on data stream context.Five kinds of context information are extracted as features by static analysis,and outlier detection algorithm based on K-means clustering is used to detect privacy leak behavior in Android applications.These five contextual features of data stream proposed in this paper can describe privacy disclosure behavior more ac-curately and improve detection accuracy.The outlier detection algorithm based on clustering avoids the shortage of malicious samples in traditional supervised learning detection methods.The experimental results on real applications show that the accuracy of the scheme is 86.49%.2.Redundant network transmission activitymission,or fictitious network transmission can enhance their own process priority detection in Android applications.Malicious applications may leak user privacy information through network trans-to achieve the purpose of survival and killing.This kind of redundant network transmission can not provide meaningful services for users,on the contrary,it in-creases the consumption of equipment power and mobile traffic,and even leads to the leakage of user privacy.In this paper,an Android redundancy network transmission detection scheme is proposed,which identifies the status of network transmission activity by the transmission rate,associated files and other charac-teristics,so as to judge whether the network transmission is redundant or not.The recognition process of redundant network transmission activities does not depend on the information of the specific network protocol stack.The experimental re-sults show that the recognition accuracy of this scheme for redundant network transmission activities reaches 88.3%. |
PDF Full Text Request