Journal of Tsinghua University (Science and Technology), 2017, Vol. 57, Issue 11: 1139-1144. DOI: 10.16511/j.cnki.qhdxxb.2017.26.057
Section: Computer Science and Technology
Android App behavior-intent inference based on API usage analysis
SHEN Ke¹, YE Xiaojun¹, LIU Xiaonan², LI Bin²
1. School of Software, Tsinghua University, Beijing 100084, China;
2. China Information Technology Security Evaluation Center, Beijing 100085, China
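Abstract (Chinese edition): Focusing on the analysis of user behavior intent in mobile applications, and combining background application program interface (API) calls with the foreground graphic user interface (GUI) state of the app, this paper proposes a method for recognizing application behavior patterns in the multivariate time series data produced while a mobile application (App) runs. It presents a framework for inferring the user-facing behavior of undesirable applications in three stages: static preprocessing of the Android application, dynamically monitored execution, and behavior-intent inference. The paper describes the techniques used to implement a prototype system for dynamic inference of application behavior intent based on Android platform API call analysis, verifies the effectiveness of the proposed undesirable-behavior pattern recognition algorithm on representative application cases, and examines, through real-world applications, the practicality of inferring user behavior from API call analysis.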
Keywords (Chinese edition): data security; Android application; application programming interface (API) calls; program behavior; dynamic analysis
Abstract: An application behavior intention analysis is presented which analyzes the application program interface (API) usage in the background and the graphic user interface (GUI) state transitions in the foreground of the target App with behavior pattern recognition of the multivariate time series data at runtime. An API usage analysis based behavior intent inferring prototype was developed for Android Apps with static preprocessing, dynamic monitoring and behavior intent inference. This paper examines the effectiveness of the prototype on typical mobile Apps via case studies and validates the practicability and operability of the approach through real-world App profiling.
Key words: data security; Android application; API usage; application behavior; dynamic analysis
Received: 2016-12-10      Published: 2017-11-15
CLC number: TP309.2
Corresponding author: YE Xiaojun, Professor, E-mail: yexj@tsinghua.edu.cn
Cite this article:
SHEN Ke, YE Xiaojun, LIU Xiaonan, LI Bin. Android App behavior-intent inference based on API usage analysis. Journal of Tsinghua University (Science and Technology), 2017, 57(11): 1139-1144.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2017.26.057 or http://jst.tsinghuajournals.com/CN/Y2017/V57/I11/1139
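Figures and tables in the article:
  Fig. 1 Static-analysis preprocessing workflow
  Table 1 Taint injection for the DexClassLoader constructor
  Fig. 2 Schematic of dynamically monitored execution
  Fig. 3 Time series data processing algorithm
  Fig. 4 Algorithm for discovering detached API call behavior
  Fig. 5 Visualization of runtime behavior inference data for the case-study applications
  Table 2 Visualization of runtime behavior inference data for the Alipay mobile app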