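Project title: Research on Key Technologies for Malware Detection on Mobile Smart Terminals for Application Stores
Project number: No.61502468
Project type: Young Scientists Fund project
Year of approval: 2016
Project discipline: Automation technology, computer technology
Project author: 应凌云
Author affiliation: Institute of Software, Chinese Academy of Sciences
Project funding: 200,000 yuan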
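Chinese abstract: As the distribution hub for mobile terminal applications, the application store is a key point for detecting malware. Because application stores deal with brand-new, unknown applications submitted by developers, current approaches based on antivirus software and manual analysis cannot meet the stores' needs in detection rate and analysis efficiency. To address this, the project proposes research on malware detection technology for application stores with virtualization-based dynamic analysis at its core, including: research on techniques for building high-fidelity virtual analysis environments for mobile smart terminals, to solve the problem that existing approaches emulate the software and hardware environment with too little fidelity; research on sensitive-behavior path identification and path constraint analysis techniques, to reduce the path space that dynamic analysis has to cover and to improve analysis efficiency and focus; research on dynamic analysis techniques for interactive behaviors, to solve the problem of triggering dynamic behaviors that depend on specific conditions and to improve the completeness of analysis; and research on behavior semantics inference and behavior legitimacy determination techniques, to solve the problem that authorized and unauthorized behaviors are hard to tell apart. The research is expected to effectively improve the ability to analyze smart terminal malware and the accuracy of detecting it, and is of great significance for raising the security of smart terminals and improving the security situation of the mobile internet.
Chinese keywords: malware detection; malware analysis; mobile terminal security; dynamic taint propagation analysis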
English abstract: Online application stores are the hub of mobile application distribution systems and play an important role in the malware detection mechanism. Because the target applications are newly developed and submitted by developers to application stores, they are unknown to the public, so malware detection by antivirus software or human analysis, which is commonly adopted by application stores, faces serious effectiveness and efficiency problems. In this proposal, we conduct research on key technologies of malware detection in application stores, mainly using dynamic analysis technology based on a virtualization environment. Our research includes the following parts: a) Research on methods for building high-fidelity virtualized smart devices and analysis environments; we try to reduce the differences between virtualized and physical devices, which are common drawbacks in previous works. b) Research on methods for identifying execution paths that represent sensitive behaviors and on methods for analyzing execution path constraints; we try to decrease the number of execution paths that need to be analyzed in dynamic analysis and to improve analysis efficiency. c) Research on dynamic analysis approaches for interactive behaviors; by solving the problem of actively triggering conditionally triggered dynamic behaviors, we can get a more complete analysis result than before. d) Research on behavioral semantic inference and behavior legitimacy judgment methods; we try to make it easier to distinguish authorized behaviors from unauthorized ones. We expect that our research can effectively improve the analysis efficiency and detection accuracy for mobile malware, and that it will also help improve the security situation of smart devices and the mobile internet.
English keywords: malware detection; malware analysis; smart device security; dynamic taint analysis