
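Security Analysis for Android Applications Using Sensitive Path Identification
Cite this article: MIAO Xiao-Chuan, WANG Rui, XU Lei, ZHANG Wei-Feng, XU Bao-Wen. Security Analysis for Android Applications Using Sensitive Path Identification[J]. Journal of Software, 2017, 28(9): 2248-2263.
Authors: MIAO Xiao-Chuan  WANG Rui  XU Lei  ZHANG Wei-Feng  XU Bao-Wen
Affiliations: State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing, Jiangsu 210023; Department of Computer Science and Technology, Nanjing University, Nanjing, Jiangsu 210023, State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing, Jiangsu 210023; Department of Computer Science and Technology, Nanjing University, Nanjing, Jiangsu 210023, State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing, Jiangsu 210023; Department of Computer Science and Technology, Nanjing University, Nanjing, Jiangsu 210023, School of Computer Science and Technology, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210023, State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing, Jiangsu 210023; Department of Computer Science and Technology, Nanjing University, Nanjing, Jiangsu 210023
Funding: National Key Basic Research Program of China (973 Program) (2014CB340702); National Natural Science Foundation of China (61272080, 91418202, 61403187)
Abstract: Android has long held a dominant position among mobile operating systems, but because of its open and shared nature and the insufficiently rigorous review mechanisms of third-party markets, the Android platform is plagued by a large number of malicious applications. Combining static program analysis and machine learning, this paper proposes an Android application security analysis method based on sensitive path identification. First, sensitive paths are defined with respect to the malicious behaviors present in malicious applications and their trigger conditions. Second, because Android applications contain a large number of inter-component function call relations, a method for generating an application's inter-component function call graph is proposed. Third, because the extracted sensitive path information cannot be used directly as identification features, a feature extraction method based on abstracting sensitive path information is implemented. Finally, 493 application APK files were collected from sources such as Google Play, Wandoujia, and Drebin as the experimental data set; the accuracy of the proposed method is 97.97%, higher than that of the API-Feature-based detection method (90.47%), and the proposed method also outperforms the API-Feature method in precision, recall, and F-measure for detecting both malicious and benign applications. In addition, the experiments show that APK file size affects the results, especially analysis time (APKs of 0-4MB take 89 seconds on average to analyze; as file size grows, the average analysis time increases markedly).

Keywords: Android malware  sensitive path  inter-component function call relations  static program analysis  feature abstraction
Received: 2016/7/13 0:00:00
Revised: 2016/9/4 0:00:00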

Security Analysis for Android Applications Using Sensitive Path Identification
MIAO Xiao-Chuan, WANG Rui, XU Lei, ZHANG Wei-Feng and XU Bao-Wen. Security Analysis for Android Applications Using Sensitive Path Identification[J]. Journal of Software, 2017, 28(9): 2248-2263.
Authors: MIAO Xiao-Chuan  WANG Rui  XU Lei  ZHANG Wei-Feng and XU Bao-Wen
Affiliation: State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210023, China; Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China, State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210023, China; Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China, State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210023, China; Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China, School of Computer, Nanjing University of Posts and Telecommunication, Nanjing 210023, China and State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210023, China; Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China
Abstract: Android currently dominates the mobile operating system market. Compared with iOS, Android is more open and has many third-party markets with loose audit mechanisms. As a result, there is more malware on the Android platform. In this paper, we propose an Android security analysis method based on sensitive path identification, which combines static analysis and machine learning. Firstly, since malicious behaviors in malware have trigger conditions, we give a definition of sensitive path. Secondly, because Android applications contain many inter-component call relations, we propose a method to generate the inter-component call graph from APK files. Thirdly, since sensitive paths cannot be used directly as features, we design a method to abstract the sensitive paths. Finally, we collected 493 application APK files from Android markets and existing data sets, such as Google Play, Wandoujia, and Drebin, to construct our benchmark. Our experiments indicate that our method has higher accuracy (97.97%) than the method based on API-Feature (90.47%), and that its precision, recall and F-Measure are also better than those of the API-Feature method. Furthermore, the size of the APK file influences the experimental results, especially analysis time (when the APK files are within 0-4MB, the average analysis time is 89 seconds; when the files become larger, the time increases significantly).
Keywords: Android malware  sensitive path  inter-component communication  program static analysis  feature abstract