Abstract
The scheme uses the MessageDigest utility class provided by the Android system to compute the integrity of an APK with the SM3 hash algorithm and obtain its hash value. This hash value is compared with the correct hash value stored on the server; if the two hash values differ, the APK has been tampered with and can be uninstalled. The paper also designs a permission static analysis and multi-feature malware detection model: the application is decompiled to obtain AndroidManifest.xml and the smali files, from which permission features and API method call features are extracted. Permission static analysis calculates a dangerous-permission score from permission weight scores and judges how dangerous the application is. Multi-feature malware detection uses Jaccard distance to compute the similarity of permission features and of API method call features in order to distinguish benign software from malware. Experimental results show that the scheme's SM3 integrity calculation is about 3 times as fast as MD5 and SHA-1, and that the detection model can effectively identify malware and classify it, thereby protecting users' private data and preventing malware from stealing user privacy.
Authors
郑东
赵月
ZHENG Dong; ZHAO Yue (National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China)
Source
Netinfo Security (《信息网络安全》)
CSCD
Peking University Core Journal
2020, No. 6, pp. 17-25 (9 pages)
Funding
National Natural Science Foundation of China [61772418].