| 基于多因素聚类选择的Android应用程序分类风险评估方法 |
| |
| 作者姓名: | 超凡 杨智 杜学绘 韩冰 |
| |
| 作者单位: | 信息工程大学,河南 郑州 450001 |
| |
| 基金项目: | 国家重点研发计划(2018YFB0803603);国家自然科学基金(61802436)。 |
| |
| 摘 要: | 大多数现有的Android应用程序风险评估根据经验直接指定因素的权重,通过统计少量因素的使用频率来计算安全风险。提出一种新的Android应用风险评估方法,能够同时提供定量和定性评估。该方法融合系统权限、API调用、Intent Filter的action属性以及数据流等多种风险因素,基于因素的风险分类与加成进行风险赋值,基于层次聚类对因素子集进行权重分配。实验表明,评估结果能够有效地反映Android应用程序的真实安全风险。
|
| 关 键 词: | 安卓 风险评估 安全威胁 静态分析 层次聚类 |
Classified risk assessment method of Android application based on multi-factor clustering selection |
| |
| Authors: | CHAO Fan YANG Zhi DU Xuehui HAN Bing |
| |
| Affiliation: | Information Engineering University, Zhengzhou 450001, China |
| |
| Abstract: | Most existing risk assessments of Android applications directly assign weights to factors according to experience,and calculate security risks by counting the frequency statistics of few factors.A new method for risk assessment of Android applications is proposed,which can provide both quantitative and qualitative assessment.This method integrates multiple risk factors such as system permissions,API calls,the action properties of Intent Filter,and data flow.The risks of factors are assigned based on their risk classification and addition,and the weights of factor subsets are distributed based on hierarchical clustering.Experiments show that the assessment results can effectively reflect the real security risks of Android applications. |
| |
| Keywords: | Android risk assessment security threat static analysis hierarchical clustering |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
