期刊文献+

DroidBet:事件驱动的Android应用网络行为的自动检测系统 被引量:8

Droid Bet: event-driven automatic detection of network behaviors for Android applications
下载PDF
导出
摘要 多数Android应用需要通过连入互联网与外界进行通信,所有与网络相关的活动都涉及网络流量,通过分析建模Android应用的网络流量,可以一定程度上掌握Android应用的网络行为。因此,设计了一个事件驱动的网络行为自动检测系统DroidBet,来对Android应用进行自动测试评估。首先,建立一个场景模拟事件库,用来模拟应用程序运行过程中可能执行的事件,从而尽可能地触发应用程序的网络行为;然后,自动生成基于状态转移分析方法的测试序列,同时对应用程序测试过程中的网络行为进行动态收集;最后,采用机器学习方法对收集到的网络行为进行学习、训练,生成基于BP神经网络的网络行为模型,实现对未知的Android应用的行为检测。实验结果表明,DroidBet能够有效地触发并提取应用程序的网络行为,并具有准确度高、系统资源开销低等优点。 The most Android applications connect to Internet to communicate with the outside world. Applications' net- work-related activities were reflected and described with network traffic. By analyzing and modeling network traffic of Android applications, network behaviors of Android applications could be subsequently characterized. Therefore, Droid- Bet: an event-driven network behavior automatic detection system was presented, to test and evaluate Android applica- tions automatically. Firstly, a scenario simulation event library was built to simulate the events that applications may be executed in the process, so as to trigger the network behavior of the application as much as possible. Then, the test se- quence based on the state transition analysis method was automatically generated, and the network behavior was dynam- ically collected during the application testing process. Finally, the machine learning method was used to learn and train the collected network behavior, and the network behavior model based on BP neural network was generated to detect the behavior of the unknown Android application. The experimental results show that DroidBet can effectively trigger and extract the network behavior of the application, which has the advantages of high accuracy and low resource cost.
出处 《通信学报》 EI CSCD 北大核心 2017年第5期84-95,共12页 Journal on Communications
基金 国家自然科学基金资助项目(No.61472189)~~
关键词 ANDROID 场景模拟 网络行为 自动化检测 Android, scenario simulation, network behavior, auto-detection
  • 相关文献

参考文献4

二级参考文献80

  • 1LEE W,STOLFO S,MOK K. A data mining framework for adaptive intrusion detection[EB/OL]. http://www.cs.columbia.edu/~sal/ hpapers/framework.ps.gz.
  • 2LEE W, STOLFO S J, MOK K. Algorithms for mining system audit data[EB/OL]. http://citeseer.ist.psu.edu/lee99algorithms.html. 1999.
  • 3KRUEGEL C, TOTH T, KIRDA E.Service specific anomaly detection for network intrusion detection[A]. Proceedings of the 2002 ACM Symposium on Applied Computing[C]. Madrid, Spain, 2002. 201-208.
  • 4LIAO Y, VEMURI V R. Use of text categorization techniques for intrusion detection[A]. 11th USENIX Security Symposium[C]. San Francisco, CA, 2002.
  • 5An extensible stateful intrusion detection system[EB/OL]. http://www.cs.ucsb.edu/~kemm/NetSTAT/doc/index.html.
  • 6ILGUN K. USTAT: A Real-Time Intrusion Detection System for UNIX[D]. Computer Science Dep University of California Santa Barbara, 1992.
  • 7The open source network intrusion detection system [EB/OL]. http://www.snort.org/.
  • 8KO C, FINK G, LEVITT K. Automated detection of vulnerabilities in privileged programs by execution monitoring[A]. Proceedings of the 10th Annual Computer Security Applications Conference [C]. Orlando, FL: IEEE Computer Society Press, 1994. 134-144.
  • 9Computer security & other applications of immunology[EB/OL]. http://www.cs.unm.edu/~forrest/isa_papers.htm.
  • 10GRUNDSCHOBER S. Sniffer Detector Report[R]. IBM Research Division Zurich Research Laboratory Global Security Analysis Lab, 1998.

共引文献329

同被引文献64

引证文献8

二级引证文献10

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部