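School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, Jiangsu, China
Song-jie WEI (1977-), male, born in Nanjing, Jiangsu, is an associate professor at Nanjing University of Science and Technology. His main research interests include information security, wireless networks and mobile computing, intelligent computing, and cloud computing.
Gao-xiang WU (1990-), male, born in Gao'an, Jiangxi, is a master's student at Nanjing University of Science and Technology. His main research interests are information security and mobile Internet security.
Na LUO (1992-), female, born in Fuzhou, Fujian, is a master's student at Nanjing University of Science and Technology. Her main research interests are information security and mobile Internet security.
Zhao-wei SHI (1992-), male, born in Nantong, Jiangsu, is a master's student at Nanjing University of Science and Technology. His main research interests are information security and mobile Internet security.
Zi-yang ZHOU (1986-), male, born in Nanjing, Jiangsu, is a master's student at Nanjing University of Science and Technology. His main research interests are information security and mobile Internet security.
Published online: 2017-05
Print publication date: 2017-05-25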
Song-jie WEI, Gao-xiang WU, Na LUO, et al. DroidBet: event-driven automatic detection of network behaviors for Android applications[J]. Journal on Communications, 2017, 38(5): 84-95. DOI: 10.11959/j.issn.1000-436x.2017103.
Most Android applications need to connect to the Internet to communicate with the outside world, and every network-related activity involves network traffic. By analyzing and modeling the network traffic of Android applications, their network behaviors can be characterized to a certain extent. Therefore, DroidBet, an event-driven automatic detection system for network behaviors, was designed to test and evaluate Android applications automatically. First, a scenario simulation event library is built to simulate the events that may be executed while an application runs, so as to trigger the application's network behaviors as fully as possible. Then, test sequences based on a state transition analysis method are generated automatically, and the application's network behaviors are collected dynamically during testing. Finally, machine learning is used to learn from and train on the collected network behaviors, generating a network behavior model based on a BP neural network that detects the behavior of unknown Android applications. The experimental results show that DroidBet can effectively trigger and extract the network behaviors of applications, with the advantages of high accuracy and low system resource overhead.