APP检测技术在移动互联网安全管控中的应用

针对智能手机的普及,手机恶意程序日益泛滥。文章在分析传统安全措施技术存在缺陷的基础上,提出一种可及时发现未知恶意程序的APP检测技术。该技术在网络侧实时监控手机恶意程序,采集疑似样本,实现对已知恶意程序及时处置,对未知恶意程序及时发现。给出APP检测技术的系统架构设计和部署方案,分析结果认为该技术可大大提高移动互联网中对恶意程序的防范能力。     

Android系统恶意程序检测技术研究

随着Android系统的不断发展,人们对该平台的安全问题也更为关注。针对Android恶意应用程序存在的安全隐患,提出一种基于事件的恶意程序检测技术。系统采用C/S结构,通过手机客户端获取目标分析程序的系统调用序列,提交服务器端分析处理,分析服务器预先运行大量的已知恶意程序和良性程序作为训练样本,利用支持向量机学习算法对调用序列流进行聚类分类学习,检测出与样本类似特征的恶意程序。实验测试表明,该技术对恶意程序检出率高,误报率低,为Android恶意程序检测系统的设计提供有价值的参考。     

Android系统手机安全机制研究

Android系统手机安全涉及到不同的安全环节,在手机ROOT后,如何保证用户的信息安全,防止出现各种信息泄露、恶意扣费、系统破坏等事件。通过对Android现在防御安全方案分析,有动态改变权限和入侵检测系统检测和控制恶意软件的危害两种方案,经吸收这两种方案的优点,提出了基于异常行为的动态管理权限方案,用于实时监测手机的异常行为,从而保证手机系统安全。     

联想网御入侵检测系统通过评测

近日,赛迪评测对联想新推出的网御入侵检测系统进行了全面的产品评测。联想网御入侵检测系统是基于网络的入侵检测及响应系统(NIDS)。其采用分布式入侵检测系统构架,综合使用模式匹配、异常分析、状态协议分析、行为分析、内容恢复、网络审计等入侵分析技术,全面监视网络的通信状态,实时捕获入侵、误用、滥用等违反网络安全策略的行为,并针对可疑的入侵行为,依据策略做出主动反应、及时告警及事件日志记录,最大限度保障网络系统安全。经赛迪评测全面评估,联想网御入侵检测系统属于一款优秀的入侵检测系统。(吕莉,摘自《通信产业报》)联想…     

基于自律计算的主动入侵检测模型

针对传统入侵检测系统的被动检测机制问题,借鉴自律计算思想,提出了一个具有自律特性的主动入侵检测模型．该模型以自主管理器为核心,在Agent协同层引入拍卖机制感知系统环境变化和管理调配被管资源,自主处理入侵信息,实现对入侵行为的主动响应．实验结果表明,通过合理的参数配置,该模型能有效提高入侵检测系统的自适应性和检测准确率．     

应用于移动互联网的入侵检测系统的研究

随着移动互联网的迅猛发展,智能手机越来越普及,其安全问题也随之而来。入侵检测技术能收集信息并进行分析,通过与规则库比较,发现是否含有入侵攻击。由于目前移动互联网监测能力不足,大量木马入侵手机,严重影响了手机用户的生活。提出了一套应用于移动互联网的入侵检测系统,能有效检测到入侵攻击,并及时响应,保证手机安全。     

基于android和云平台的智能家居系统设计与实现

为解决智能家居系统大规模数据的存储、管理及移动终端的可靠接入等问题,本文设计了一种基于嵌入式家庭网关、Android和云平台服务的智能家居系统。利用极光云推送服务及时将家庭的异常报警信息推送到手机客户端,系统还提供了视频监控功能,用户随时随地通过手机查看家庭动态。当监测异常时会自动拍照记录异常场景,并上传至yeelink物联网云平台,进行图像云存储。另外通过手机客户端可以查看所选时间范围内的报警图像,随时掌控家庭生活。     

面向智能手机的入侵检测系统研究

随着智能手机的普及和移动购物及手机银行的流行,智能手机的安全问题也变得非常突出.由于处理能力和电源的限制及移动网络的特性,智能手机入侵检测系统需要解决特有的技术难题.全面分析了Android系统和iOS系统的安全模型,基于机器学习和支持向量机技术提出了一个新的面向智能手机的入侵检测系统模型,可以有效检测和抵御各种恶意程序.     

入侵检测机制分析

入侵检测定义及分类1. 入侵检测定义入侵定义为试图危害计算机资源,及危害计算机所处理的信息的行动集合。入侵检测系统(IDS)是试图完成检测入侵的工具。入侵检测假设计算机系统中的用户的活动,程序的活动,不管是入侵还是合法的,都可以监测到。入侵对系统的影响与正常操作对系统的影响是不同的。不同的入侵检测系统使用不同的特征集合(对审计数据的量度)与不同的分析方法以决定系统的活动是否是入侵。入侵检测可分为误用检测与异常检测。2. 误用(misuse)检测定义误用(misuse)检测定义:记录和表达入侵的特定模式,利用已经知道的系统漏洞,或…     

Android平台下的安全检测软件的设计与实现

本文为了阻止Android手机恶意软件病毒的危害,分析了入侵病毒的类型,提出了一个基于Android平台的安全检测软件的设计方案,并实现了该方案。该软件基于Android的体系机构,结合Android体系自身的特点,实现了查杀病毒、检测支付环境、监听电话短信、检测流量等功能,保障了用户的安全。经过真机和模拟机测试,该软件能够有效查杀病毒、检测到潜在的病毒危害并及时采取措施,达到了设计目的。     

基于Android的木马检测引擎的研究与实现

近几年来,Android手机木马病毒发展迅速,Android手机安全问题成为大家关注的焦点,基于Android的木马检测引擎的研究与实现变得日益迫切。为此,提出了一套特征码提取检测算法（FCPA）,FCPA通过调用Android系统库函数获取恶意文件的源路径,利用源路径找到相应文件并对文件进行散列处理,获取文件特征信息,生成一个唯一标识该木马病毒的特征值,然后构建特征码库。同时,设计并实现了木马检测引擎,其利用特征码提取算法快速扫描并检测出手机应用程序中的恶意程序。实验结果表明,该木马检测引擎能够有效检测恶意应用。     

Monitoring Smartphones for Anomaly Detection

In this paper we demonstrate how to monitor a smartphone running Symbian operating system and Windows Mobile in order to extract features for anomaly detection. These features are sent to a remote server because running a complex intrusion detection system on this kind of mobile device still is not feasible due to capability and hardware limitations. We give examples on how to compute relevant features and introduce the top ten applications used by mobile phone users based on a study in 2005. The usage of these applications is recorded by a monitoring client and visualized. Additionally, monitoring results of public and self-written malwares are shown. For improving monitoring client performance, Principal Component Analysis was applied which lead to a decrease of about 80% of the amount of monitored features.     

一种恶意软件实时检测模型

启发式扫描检测入侵行为未知的恶意软件,存在误报及漏报问题,且不能有效监控Rootkit。基于＂通过监控某种恶意行为,实现对一类入侵方式未知的恶意软件的实时检测＂的思想,提出了一种实时检测入侵行为未知恶意软件的Petri网模型,给出了性能测量及优化方法。通过在模型指导下建立的恶意软件实时检测系统中采集关键参数,完成了模型性能评价和调整。设计的系统可实时准确地检测具有特征行为的恶意软件。     

Collaborative techniques for intrusion detection in mobile ad-hoc networks

In this paper, we present two intrusion detection techniques for mobile ad-hoc networks, which use collaborative efforts of nodes in a neighborhood to detect a malicious node in that neighborhood. The first technique is designed for detection of malicious nodes in a neighborhood of nodes in which each pair of nodes in the neighborhood are within radio range of each other. Such a neighborhood of nodes is known as a clique [12]. The second technique is designed for detection of malicious nodes in a neighborhood of nodes, in which each pair of nodes may not be in radio range of each other but where there is a node among them which has all the other nodes in its one-hop vicinity. This neighborhood is identical to a cluster as mentioned in [12]. Both techniques use message passing between the nodes. A node called the monitor node initiates the detection process. Based on the messages that it receives during the detection process, each node determines the nodes it suspects to be malicious and send votes to the monitor node. The monitor node upon inspecting the votes determines the malicious nodes from among the suspected nodes. Our intrusion detection system is independent of any routing protocol. We give the proof of correctness of the first algorithm, which shows that it correctly detects the malicious nodes always when there is no message loss. We also show with the help of simulations that both the algorithms give good performance even when there are message losses arising due to unreliable channel.     

基于Android的手机恶意代码检测与防护技术

随着通信技术以及移动终端的发展,Android系统由于其本身的开源性,滋生了大量的恶意代码。为了满足Android手机用户的安全需求,文中基于Android,采用SVM机器学习思想,构建了恶意代码检测模型,并开发了一套手机恶意代码检测与防护系统,可以对其进行快速检测和深度检测。系统经Android手机测试结果表明,其具有较好的检测精度以及较低的恶意代码漏报率。     

Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection that implements the response mechanisms presented in this paper.     

支持数据隐私保护的恶意加密流量检测确认方法

为解决基于机器学习的恶意加密流量检测易产生大量误报的问题,利用安全两方计算,在不泄露具体数据内容的前提下实现网络流量内容和入侵检测特征间的字符段比对。基于字符段比对结果,设计入侵检测特征匹配方法,完成关键词的精准匹配。为保证所提方法的有效执行,提出用户终端输入随机验证策略,使恶意用户终端难以使用任意数据参与安全两方计算进而躲避检测确认。对所提方法的安全性和性能进行了理论分析,并采用真实部署和仿真实验相结合的方式进行验证。实验结果表明,所提方法能显著提升检测效果,且资源消耗低。     

Control theoretic approach to intrusion detection using a distributed hidden Markov model

Cooperative ad hoc wireless networks are more vulnerable to malicious attacks than traditional wired networks. Many of these attacks are silent in nature and cannot be detected by conventional intrusion detection methods such as traffic monitoring, port scanning, or protocol violations. These sophisticated attacks operate under the threshold boundaries during an intrusion attempt and can only be identified by profiling the complete system activity in relation to normal behavior. In this article we discuss a control- theoretic hidden Markov modelstrategy for intrusion detection using distributed observation across multiple nodes. This model comprises a distributed HMM engine that executes in a randomly selected monitor node and functions as a part of the feedback control engine. This drives the defensive response based on hysteresis to reduce the frequency of false positives, thereby avoiding inappropriate ad hoc responses.