Similar literature
Found 20 similar articles; search took 125 ms
1.
《信息通信技术》2016,(6):23-30
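The article first gives a brief overview of malicious domain-name behavior. It then introduces existing domain-based techniques for detecting malicious behavior along four dimensions: the generation mechanism, similarity, hopping, and interconnectivity of malicious domain behavior. Next it introduces existing detection systems from two angles, DNS traffic detection systems and DNS data-mining techniques. Finally, it looks ahead to the future direction of malicious domain detection.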

2.
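With the development of society and the progress of Internet technology, network security issues are receiving increasing attention. The article analyzes the increasingly prominent problem of security detection of malicious traffic in networks and focuses on several malicious-traffic detection techniques, such as adaptive dynamic sandbox intelligent analysis and high-speed identification of botnet, trojan, and worm traffic. Finally, following the idea of centralized management with network-wide monitoring and coordinated control policies, it establishes a cloud-integrated technical system for security detection of malicious traffic.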

3.
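Android is currently the most popular mobile terminal platform, but its openness has led to a large amount of Android malware, making it the hardest-hit area in mobile security. This paper examines the behavior of malicious applications on the Android platform, studies anomaly detection based on dynamic monitoring, and proposes a detection method based on dynamic monitoring of application behavior. Test results show that the method can effectively identify malware and label its malicious behaviors, and that it is suited to the security protection needs of Android smart mobile terminals.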

4.
卜丹丹 《移动信息》2023,45(6):204-206
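This paper studies computer applications from the perspective of technical management of network information security. It describes several common computer network information security problems, such as computer virus infection, malicious attacks by hackers, and software vulnerabilities, and proposes practical measures, including establishing and improving an information technology security management mechanism and applying antivirus, identity authentication, information hiding, and sensitive intrusion detection technologies, in order to achieve technical management of network information security.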

5.
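Analysis of a number of malicious mobile applications shows that a malicious application is highly similar in program semantics to the different versions of the program family to which the infected application belongs, and that this similarity differs markedly from the similarity among the different versions within the original family. Based on this observation, this paper uses hierarchical clustering over function call graphs to propose a malicious mobile application detection method based on program family relationships, and builds a system called NeighborWatcher. Experimental results show that when every program family contains four or more members, NeighborWatcher achieves a detection rate of 92.86% for add-on malicious applications.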

6.
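Attacks targeting the Android system are increasing, so analyzing and detecting malicious Android applications has become a very important research topic. This paper surveys the state of research on detection methods for malicious Android applications, covering the types of malicious applications and the mainstream detection techniques in China and abroad. Building on current detection techniques, it proposes a method that uses only benign samples as the training set to perform anomaly detection on unknown Android applications, and it achieves good experimental results. Finally, the paper analyzes the development trends and main future research directions of anomaly detection methods for Android applications.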

7.
罗亚玲  黎文伟  苏欣 《电信科学》2016,32(8):136-145
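The continuing growth in the number of malicious Android applications not only seriously endangers the security of the Android market but also poses challenges for detecting them. A method for generating the behavior of malicious Android applications and automatically extracting features based on HTTP traffic is designed. The method first executes malicious applications automatically and captures the network traffic they generate. It then extracts HTTP-based behavioral features from that traffic. Finally, the resulting network behavior features are used for malicious application detection. Experimental results show that the designed method can effectively extract behavioral features of malicious Android applications and can accurately identify them.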

8.
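With the rapid development of computer technology and related applications, more and more information systems are being used in daily life; at the same time, the spread of IPv6 has led to explosive growth in the number of Internet of Things (IoT) devices. However, attacks against information systems and IoT devices keep emerging and already seriously threaten the secure operation of everyday information systems. Security detection of malicious traffic therefore plays a vital role in network security. This paper proposes a malicious traffic detection algorithm based on multi-grained scanning and a BP neural network. Computation and simulation on experimental data show that the algorithm achieves good accuracy, demonstrating its effectiveness.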

9.
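This paper introduces the security status and development trends of mobile Internet phone applications, as well as typical malicious behaviors of such applications. To reduce the security threats that malicious applications pose to users, and taking the mobile Internet application industry as a whole into view, it proposes a security management and control system for mobile applications that comprises two main stages: pre-release detection and post-release monitoring. The system can effectively control malicious mobile applications and improve the user experience.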

10.
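With the rapid development of mobile terminals, malicious behaviors of mobile malware such as fraudulent charging, privacy theft, and tariff consumption seriously threaten users' privacy and security. Against this background, this paper first explains the importance of research on mobile detection technology, then analyzes and compares the current mainstream mobile detection techniques, and proposes a new intelligent sandbox detection technique and method. Through deep inspection it constructs graphical representations such as malware relationship graphs, temporal flow graphs, and data flow graphs, which addresses problems that traditional static and dynamic detection cannot handle, such as the difficulty of detecting plugin-based malware and the inability to assess detection results. The paper focuses on the technique's practical application and results, and finally looks ahead to future trends in mobile detection technology.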

11.
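In the current smartphone market, Android holds a large market share, and because it is open source, Android-based smartphones easily become attackers' preferred targets. With the rapid growth of Android malware, Android phone users urgently need solutions to protect their phones. To this end, static analysis is performed on a number of Android malware samples to derive a list of dangerous APIs, a list of dangerous system calls, and a list of permissions found in Android malware, and these lists are merged to form a hybrid feature set for Android applications. Using the hybrid feature set together with principal component analysis (PCA) and a support vector machine (SVM), a static detection model for Android malware is built. Simulation experiments with this model show that the method can quickly detect malware among Android applications without running the software, with high detection accuracy.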

12.
People-centric sensing (PCS) is an emerging sensor network paradigm that turns everyday mobile devices (such as smartphones and PDAs) into sensors. It is promising but faces severe security problems. Smartphones already are, and will remain, attractive targets for attackers; moreover, with strong connectivity and homogeneous applications, all mobile devices in PCS risk being infected by malware more rapidly. Even worse, attackers usually obfuscate their malware to avoid simple (syntactic signature based) detection. Thus, more intelligent (behavioral signature based) detection is needed. But in the field of network security, the state-of-the-art behavioral signature, the behavior graph, is too complicated to be used on mobile devices. This paper proposes a novel behavioral signature generation system, SimBehavior, to generate lightweight behavioral signatures for malware detection in PCS. A generated lightweight behavioral signature is somewhat like a regex (regular expression) rule. Thus, unlike malware detection using behavior graphs, which is NP-complete, detection using our lightweight behavioral signatures is efficient and well suited to malware detection in PCS. Our experimental results show that SimBehavior can extract behavioral signatures effectively, and that the generated lightweight behavioral signatures can be used to detect new malware samples in PCS efficiently and effectively.

13.
In recent years, we have witnessed a surge in mobile devices such as smartphones, tablets, smart watches, etc., most of which are based on the Android operating system. However, because these Android-based mobile devices are becoming increasingly popular, they are now the primary target of mobile malware, which could lead to both privacy leakage and property loss. To address the rapidly deteriorating security issues caused by mobile malware, various research efforts have been made to develop novel and effective detection mechanisms to identify and combat them. Nevertheless, in order to avoid being caught by these malware detection mechanisms, malware authors are inclined to initiate adversarial example attacks by tampering with mobile applications. In this paper, several types of adversarial example attacks are investigated and a feasible approach is proposed to fight against them. First, we look at adversarial example attacks on the Android system and prior solutions that have been proposed to address these attacks. Then, we specifically focus on the data poisoning attack and evasion attack models, which may mutate various application features, such as API calls, permissions and the class label, to produce adversarial examples. Then, we propose and design a malware detection approach that is resistant to adversarial examples. To observe and investigate how the malware detection system is influenced by the adversarial example attacks, we conduct experiments on some real Android application datasets which are composed of both malware and benign applications. Experimental results clearly indicate that the performance of Android malware detection is severely degraded when facing adversarial example attacks.

14.
Because the dramatic increase in the number and variety of mobile malware has created an enormous challenge for the information security of mobile network users, a value-derivative GRU-based mobile malware traffic detection approach is proposed to solve the problem that RNN-based mobile malware traffic detection approaches have difficulty capturing the dynamic changes and critical information of abnormal network traffic. By introducing the concept of "accumulated state change", the value-derivative GRU approach can describe the low-order and high-order dynamic change information of malicious network traffic at the same time. In addition, a pooling layer ensures that the algorithm can capture key information of malicious traffic. Finally, simulations were performed to verify the effect of accumulated state changes, hidden layers, and pooling layers on the performance of the value-derivative GRU algorithm. Experiments show that the mobile malware traffic detection approach based on value-derivative GRU has high detection accuracy.

15.
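Optimal security strategy against malware propagation in mobile wireless sensor networks   Total citations: 3, self-citations: 0, citations by others: 3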
曹玉林  王小明  何早波 《电子学报》2016,44(8):1851-1857
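Large-scale deployment of mobile wireless sensor networks depends on establishing security strategies against malware attacks. One effective protective measure is to install immunization patches on sensor nodes or to remove the virus from nodes. Taking the mobility of sensor nodes into account, we build a dynamic model of malware propagation based on epidemiological theory. On this model we formulate an optimal objective function whose control variables are the immunization proportion of susceptible nodes and the recovery proportion of infected nodes, so that at any terminal time the number of infected nodes is minimized and the cost of implementing the security measures is lowest. Stability analysis of the equilibrium points yields the threshold that determines whether malware spreads. Pontryagin's maximum principle is applied to obtain the optimal pair of control variables for the immunization and recovery proportions. Simulation results show that the model offers guidance for establishing security strategies that curb the spread of malicious programs in mobile wireless sensor networks.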

16.
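To address the increasingly serious threat that malware poses to Android phone security, an improved Android malware detection algorithm is proposed. Multiple behavioral feature values obtained from applications on Android mobile devices are monitored, and machine learning is applied: the traditional naive Bayes algorithm is improved by combining it with chi-square test filtering to detect malware on Android systems. Simulation experiments show that filtering application behavioral features with the chi-square test before applying the naive Bayes classification model gives Android malware detection a lower false positive rate and higher precision.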

17.

An Intrusion Detection System (IDS) is crucial to protect smartphones from imminent security breaches and ensure user privacy. Android is the most popular mobile Operating System (OS), holding above 85% market share. The traffic generated by smartphones is expected to exceed that generated by personal computers by 2021. Consequently, this prevalent mobile OS will remain one of the most attractive targets for potential attacks on fifth generation mobile networks (5G). Although Android malware detection has received considerable attention, the solutions offered mostly rely on performing resource-intensive analysis on a server, assuming a continuous connection between the device and the server, or on employing supervised Machine Learning (ML) algorithms for profiling the malware's behaviour, which essentially require a training dataset consisting of thousands of examples from both benign and malicious profiles. However, in practice, collecting malicious examples is tedious, since it entails infecting the device and collecting thousands of samples in order to characterise the malware's behaviour, and the labelling has to be done manually. In this paper, we propose a novel Host-based IDS (HIDS) incorporating statistical and semi-supervised ML algorithms. The advantage of our proposed IDS is twofold. First, it is wholly autonomous and runs on the mobile device, without needing any connection to a server. Second, it requires only benign examples for tuning, with potentially a few malicious ones. The evaluation results show that the proposed IDS achieves a very promising accuracy of above 0.9983, reaching up to 1.


18.
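For malicious programs that hide themselves using rootkit techniques, this paper proposes a malware detection scheme based on cross-comparison of the views from inside and outside a virtual machine in order to extract the hidden information. The scheme cross-compares the untrusted system information obtained inside the virtual machine with the trusted system information obtained outside the virtual machine by analyzing the vmem file, thereby discovering process information hidden by the rootkit and ensuring the effectiveness of detection of rootkit-type malicious code.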

19.
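Application of anomaly detection technology in mobile device and network security protection   Total citations: 1, self-citations: 0, citations by others: 1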
张庆 《电子设计工程》2014,22(20):55-57
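Network security means taking measures to protect a network system so that the hardware, software, and data inside the user's system are not damaged, modified, or leaked by others, thereby ensuring that the system runs securely and reliably. In the security protection of mobile devices and networks, anomaly detection has been widely applied and studied because malware is updated quickly and mobile networks themselves are relatively unstable. This paper discusses the application of anomaly detection technology in mobile device and network security protection, in the hope of providing a reference for research on network security.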

20.
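This paper studies mobile malware and techniques for preventing and countering it. It first introduces the definition and types of mobile malware and compares the various types along multiple dimensions, then analyzes the distribution channels of mobile malware and the underground industry chain that produces it, and finally offers preliminary prevention recommendations suited to network operators, so that the mobile Internet industry can develop normally and securely.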
