| The Android system is currently the most widely used smart terminal system,with a huge and rich application ecosystem.People’s production and life have been deeply bound with Android applications.What follows is the growing risk of privacy leakage.Many facts and studies have shown that there is a risk of privacy leakage in the process of Android applications processing sensitive data such as device identification and location location.Governments of various countries have successively issued corresponding laws to address these issues.regulations.However,since some sensitive data is necessary for the application to provide functions,the collection of sensitive data cannot be simply judged as a privacy leakage behavior,so distinguishing between normal service provision behavior and malicious privacy leakage behavior becomes the basis for judging the legitimacy of application behavior.In this regard,in order to judge the motivation of application behavior and discover the logical relationship behind the application behavior,this paper designs and implements an analysis system for sensitive information processing behavior of Android applications.The results of this work are mainly divided into the following three aspects:1.Introduce the application call graph information into the analysis of application dynamic behavior logs.The specific method of analysis is to restore a certain length of application method call chain based on the call stack information in the application behavior log,and then perform subgraph isomorphic matching with the call graph obtained by static analysis,and the matched isomorphic subgraph The graph can be used to guide further analysis of the behavior log and discover the logical relationship between method calls in the log.2.According to the idea in 1,this paper researches and customizes the existing static analysis tools and dynamic detection methods.On the one hand,the application call graph obtained by the static analysis tool is split,filtered,and reorganized to obtain an easy-to-analyze call subgraph centered on sensitive data processing methods;on the other hand,the sensitive information API provided by the Android system and The key functions of the ART virtual machine are instrumented,and a dynamic behavior analysis environment for Android applications is built based on the customized Android system.The application behavior log is recorded when the application is running,and the method call records involving sensitive information are screened out by setting rules.The recorded logs generate call chains based locally on the call stack.So far,the dynamic and static analysis results have been successfully abstracted into a graph structure.3.The existing subgraph matching algorithms are investigated and compared.According to the characteristics of the call graph and call chain matching problems to be solved in this paper,suitable alternative algorithms are screened out,and the VF2 algorithm is further optimized.Finally,an experiment is designed to compare the algorithm efficiency.The results show that the improved VF2 algorithm has the best matching efficiency when solving the problems in this paper,and can be used as the core algorithm of the automatic matching system.4.Based on the above work,this paper implements a set of privacy leakage analysis system for Android application behavior logs,and designs experiments to test the system’s detection capabilities,anti-detection and confrontation capabilities,and performance overhead.Popular applications are detected and analyzed.Finally,the test results show that the system implemented in this paper can successfully restore the context relationship between method call records on the basis of capturing a large number of sensitive information usage behaviors,which proves that the system can discover the behavior motivation of the application through automatic analysis of dynamic and static test results,which objectively plays the role of supplementing and partially replacing the manual analysis process. |
PDF Full Text Request