Research on Security Detection and Evaluation Criteria of Android Application Based on Attack
DOI: 10.12677/CSA.2021.115151
Authors: Yu Haobo (喻毫博), Gan Gang (甘刚): School of Cyberspace Security, Chengdu University of Information Technology, Chengdu, Sichuan
Keywords: Mobile Security, Android Applications, Security Detection, Evaluation
Abstract: As mobile phones have developed, the open-source Android system has gradually made up for its weaknesses and has greatly surpassed Apple's phones in market share. Because Android is open source, Android applications of widely varying quality and trustworthiness have entered the Android market, so research on Android application security has become a top priority in recent years. This paper analyzes current Android application security detection requirements in depth and, from the attacker's perspective and in combination with existing detection indicators, designs a detailed and comprehensive set of evaluation indicators for Android application security detection. For some of the evaluation indicators, the corresponding test content is given. Using the current mainstream weights for security detection indicators, a simple linear detection and evaluation model is calculated. This model can effectively reveal the security strength of an Android application under the different evaluation indicators, as well as the security risks the application faces.
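Cite this article: Yu, H. and Gan, G. Research on Security Detection and Evaluation Criteria of Android Application Based on Attack [J]. Computer Science and Application, 2021, 11(5): 1474-1483. https://doi.org/10.12677/CSA.2021.115151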
