
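Risk assessment method of Android application based on permission
Cite this article: BU Tongtong, CAO Tianjie. Risk assessment method of Android application based on permission[J]. Journal of Computer Applications, 2019, 39(1): 131-135.
Authors: BU Tongtong  CAO Tianjie
Affiliation: School of Computer Science and Technology, China University of Mining and Technology, Xuzhou, Jiangsu 221116; School of Computer Science and Technology, China University of Mining and Technology, Xuzhou, Jiangsu 221116
Funding: Supported by the National Natural Science Foundation of China (61303263).
Abstract: To address the problems in the Android permission mechanism and the shortcomings of traditional methods for assessing application risk levels, a permission-based risk assessment method for Android applications is proposed. First, the application is reverse-engineered to extract the system permissions it declares, the permissions found by static analysis, and its custom permissions, and dynamic detection is used to obtain the permissions the application actually uses when it executes. Then, a quantitative risk assessment of the application is performed from three aspects: permission combinations with malicious tendencies, the "over-privilege" problem, and custom permissions. Finally, the Analytic Hierarchy Process (AHP) is used to calculate the weights of these three aspects and evaluate the application's risk value. 6 245 software samples were used for training to build a custom-permission dataset and a dataset of permission combinations with malicious tendencies. Experimental results show that, compared with Androguard, the proposed method evaluates the risk value of application software more precisely.

Keywords: Android security  risk assessment  application permission  quantitative assessment  static analysis  dynamic detection
Received: 2018-07-19
Revised: 2018-08-15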

Risk assessment method of Android application based on permission
BU Tongtong, CAO Tianjie. Risk assessment method of Android application based on permission[J]. Journal of Computer Applications, 2019, 39(1): 131-135.
Authors:BU Tongtong  CAO Tianjie
Affiliation:School of Computer Science and Technology, China University of Mining and Technology, Xuzhou Jiangsu 221116, China
Abstract: To address the problems in the Android permission mechanism and the poor capability of traditional methods for measuring Android software security, a permission-based risk assessment method for Android apps is proposed. First, the system permissions declared by the application, the permissions obtained through static analysis, and the custom permissions are extracted by reverse-engineering the application. At the same time, the permissions the application uses while executing are extracted through dynamic detection. Second, a quantitative risk assessment of the application is performed from three aspects: permission combinations that hide malicious intent, the "over-privilege" problem, and custom permission vulnerability. Finally, the Analytic Hierarchy Process (AHP) evaluation model is adopted to calculate the weights of these three aspects and estimate the application's risk value. In addition, a custom permission dataset and a dataset of permission combinations that hide malicious intent were built by training on 6245 software samples collected from an application store and VirusShare. The experimental results show that the proposed method assesses the risk value of application software more accurately than Androguard.
Keywords:Android security  risk assessment  application permission  quantitative assessment  static analysis  dynamic detection  
This article is indexed in VIP, Wanfang Data and other databases.