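1. Department of Computer Science, Guangdong Songshan Polytechnic College, Shaoguan 512126, Guangdong, China
2. College of Information Science and Engineering, Hunan University, Changsha 410082, Hunan, China
3. Hunan Provincial Key Laboratory of Network Investigation Technology, Hunan Police Academy, Changsha 410138, Hunan, China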
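LUO Yaling (1977-), female, lecturer at Guangdong Songshan Polytechnic College. Her main research interests are Web development and research, and mobile applications.
LI Wenwei (1975-), male, Ph.D., associate professor at the College of Information Science and Engineering, Hunan University. His main research interests are trusted systems and networks, and network testing.
SU Xin (1983-), male, Ph.D. candidate at the College of Information Science and Engineering, Hunan University. His main research interests are mobile application security and mobile Internet big data mining.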
Online publication date: 2016-08
Print publication date: 2016-08-20
Yaling LUO, Wenwei LI, Xin SU. HTTP behavior characteristics generation and extraction approach for Android malware[J]. Telecommunications Science, 2016, 32(8): 136-145. DOI: 10.11959/j.issn.1000-0801.2016222.
The growing number of malicious Android applications seriously endangers the security of the Android market and also makes malware detection more challenging. This paper designs a method, based on HTTP traffic, for generating the behavior of Android malware and automatically extracting its features. The method first executes the malicious applications automatically and captures the network traffic they generate. It then extracts HTTP-based behavioral features from that traffic. Finally, the resulting network behavioral features are used to detect malicious applications. Experimental results show that the method effectively extracts the behavioral features of Android malware and accurately identifies Android malware.