Android App behavior-intent inference based on API usage analysis

SHEN Ke, YE Xiaojun, LIU Xiaonan, LI Bin

Journal of Tsinghua University (Science and Technology), 2017, Vol. 57, Issue 11: 1139-1144.

DOI: 10.16511/j.cnki.qhdxxb.2017.26.057
Computer Science and Technology

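Abstract (Chinese version)

Focusing on the analysis of user behavior intent in mobile applications, and combining background application program interface (API) calls with the foreground graphic user interface (GUI) state of the application, this paper proposes a method for recognizing application behavior patterns in the multivariate time series data produced while a mobile application (App) is running, and presents a framework for inferring user behavior in undesirable applications that consists of three stages: static preprocessing of the Android application, dynamically monitored execution, and behavior intent inference. The paper describes the implementation techniques of a prototype system for dynamic inference of application behavior intent based on API call analysis on the Android platform, verifies the effectiveness of the proposed undesirable-behavior pattern recognition algorithm on representative application cases, and analyzes, through real-world applications, the practicality of inferring user behavior from API call analysis.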

Abstract

An application behavior intention analysis is presented which analyzes the application program interface (API) usage in the background and the graphic user interface (GUI) state transitions in the foreground of the target App with behavior pattern recognition of the multivariate time series data at runtime. An API usage analysis based behavior intent inferring prototype was developed for Android Apps with static preprocessing, dynamic monitoring and behavior intent inference. This paper examines the effectiveness of the prototype on typical mobile Apps via case studies and validates the practicability and operability of the approach through real-world App profiling.

Key words

data security / Android application / API usage / application behavior / dynamic analysis

Cite this article

SHEN Ke, YE Xiaojun, LIU Xiaonan, LI Bin. Android App behavior-intent inference based on API usage analysis[J]. Journal of Tsinghua University(Science and Technology). 2017, 57(11): 1139-1144 https://doi.org/10.16511/j.cnki.qhdxxb.2017.26.057
CLC number: TP309.2

