CN108229158A - A kind of guard method of the user privacy information stored in Android - Google Patents

A kind of guard method of the user privacy information stored in Android Download PDF

Info

Publication number
CN108229158A
CN108229158A CN201810024121.8A CN201810024121A CN108229158A CN 108229158 A CN108229158 A CN 108229158A CN 201810024121 A CN201810024121 A CN 201810024121A CN 108229158 A CN108229158 A CN 108229158A
Authority
CN
China
Prior art keywords
application software
information
application
privacy information
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810024121.8A
Other languages
Chinese (zh)
Other versions
CN108229158B (en
Inventor
朱晓妍
章辉
马建峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201810024121.8A priority Critical patent/CN108229158B/en
Publication of CN108229158A publication Critical patent/CN108229158A/en
Application granted granted Critical
Publication of CN108229158B publication Critical patent/CN108229158B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Telephone Function (AREA)

Abstract

The present invention proposes a kind of guard method of the user privacy information stored in Android, for solving to exist in the prior art to steal the technical issues of user privacy information can not achieve accurate comprehensive interception to malicious application software.It is realized by the XMonitor systems being mounted on intelligent mobile terminal, the system includes application class module, privacy information management module and collusion attack management module, application software is classified as normal use software and malicious application software by application class module by data digging method, the behavior that privacy information management module obtains malicious application software user privacy information intercepts, and collusion attack management module intercepts the inter-application communication content for meeting the normal use software of the collusion attack rules of competence.The present invention can realize the higher autonomous interception of accuracy, to user privacy information protection more comprehensively, available for carrying the smart mobile phone of android system.

Description

A kind of guard method of the user privacy information stored in Android
Technical field
The invention belongs to mobile terminal safety fields, are related to a kind of method for protecting privacy, and in particular to a kind of The guard method of the user privacy information stored in Android, available for the monitoring of the user privacy information stored in Android And interception.
Background technology
In recent years, it as the fast development of mobile Internet, the popularity rate of smart mobile phone quickly increase, is increasingly becoming each The object of the indispensability of people.The whole world intelligent mobile phone system of the first quarter in 2017 city issued according to Market Research Corporation of America Gartner Market share report display, the market share of global Android phone are up to 86.1%, are still occupied predominantly with absolute advantage Position.At the same time, the application software based on Android platform is increased sharply, wherein it is no lack of the malicious application with leakage privacy information, Serious threat is caused to the security of private data of user.Therefore, these malicious applications are correctly identified and are taken corresponding anti- Model measure has become the important subject in one, mobile security field.
Dynamic analysing method is to detect one of method that malicious application software steals user privacy information behavior.Enck William et al. 2014 is in ACM Transactions on Computer System " TaintDroid:An information-flow tracking system for realtime privacy monitoring on Smartphones. in article ", a kind of monitoring side based on dynamic stain realized using TaintDroid systems is disclosed Method, the system are marked private data using the method for dynamic pitching pile, when labeled private data by network or Other approach have left cell phone system, which records the whereabouts of private data, and warning is made to user.Although the system energy Enough monitoring private data flow directions, but real-time blocking cannot be carried out, do not prevent the leakage of private data.
Malicious application software can be told by data mining technology, for prevent private data leakage provide according to According to.Application publication number be CN 106997434A, entitled " secret protection module and guard method based on android system " Application for a patent for invention, disclose a kind of secret protection module based on android system and guard method, which is based on number Application software is classified as malicious application software and normal use software according to grader is excavated, according to classification results to application software Permission carry out dynamic control, and the collusion attack behavior of malicious application software is intercepted.The invention can tell evil Meaning application software, and the behavior of malicious application software application acquisition privacy information makes into user warning, and can intercept The collusion attack behavior of malicious application software.But have a defect that the interception that privacy information is obtained to malicious application software is practical Upper dependence user selection, it is impossible to the accurate autonomous leakage for intercepting user privacy information, and data mining technology detection exists The malicious application software of collusion attack has relatively low correctness.
Invention content
It is an object of the invention to be directed to the deficiency of above-mentioned technology, propose that the privacy of user stored in a kind of Android is believed The guard method of breath, for solving to exist in the prior art to steal user privacy information to malicious application software and can not achieve accurately The technical issues of comprehensive interception.
The present invention technical thought be:The application software of user installation is classified as by normal use by data digging method Software and malicious application software are inserted into before the function interface for being related to user privacy information and intercept code, when malicious application software The function interface for being related to user privacy information is had invoked, the false value replacement function for intercepting code null value or generating at random connects The return value of mouth realizes the interception to user privacy information, while is inserted into and intercepts before the function interface of inter-application communication channel Code, and the collusion attack rules of competence are set, lead between the normal use software for meeting the collusion attack rules of competence is applied During letter, the return value that code replaces the function interface of inter-application communication channel with null value is intercepted, realizes the interception to Content of Communication.
According to above-mentioned thinking, realize that the technical solution that the object of the invention is taken is:
Include application class module, privacy information management module and collusion attack pipe by being mounted on intelligent mobile terminal The XMonitor systems of module are managed, realize the protection of the user privacy information to being stored in android system, implement step For:
(1) it obtains using sample set model file:
(1a) collects the application sample set for including malicious application sample set and normal use sample set from network, and from this Using the authority information set that application software is extracted in sample set, construction feature vector set;
(1b) is trained set of eigenvectors using Data Mining Classification device, and be applied sample set model file, and It will be in the model file built-in application sort module;
(2) application class module is by classifying to the application software of installation using sample set model file:
(2a) creates malicious application software database, for storing the application software title for being judged as malice;
(2b) application class module solves the AndroidManifest.xml files of the application software of user installation Analysis, the authority information set S for the software application that is applied, and build the feature of the corresponding application software of authority information set S to Amount;
(2c) application class module passes through application software according to sample set model file is applied using Data Mining Classification device Feature vector classify to the application software of user installation, obtain malicious application software or normal use software, and will The title of malicious application software is added in malicious application software database;
(3) privacy information management module is monitored the user privacy information stored in android system, and to malice The behavior that application software obtains user privacy information is intercepted:
(3a) privacy information management module searches privacy of user involved in android system when android system starts The position of the function interface of information, and be inserted into before the position found write in advance for storing in android system It is related to the interception code of each function interface of user privacy information, wherein, user privacy information is included on intelligent mobile terminal Associated person information, message registration, equipment mark code, browser browsing record, the travel information on calendar, the multimedia text of storage Part and the current geographical location information of mobile terminal;
Interception code in (3b) privacy information management module is after android system startup, when the application of user installation Software transfer is related to being triggered during the function interface of user privacy information, intercepts code and is inquired in malicious application software database With the presence or absence of the title of the application software of user installation, if so, intercepting code by null value or the void generated using random function Falsity replaces the privacy information that function interface provides originally, and as the return value of function interface, realizes and privacy information is blocked It cuts, otherwise android system returns to the execution flow of application software script;
(4) Content of Communication of the collusion attack management module between the application software of user installation in android system carries out Monitoring, and the Content of Communication for meeting the collusion attack rules of competence is intercepted:
(4a) collusion attack management module communicates when android system starts between lookup android system application software The position of the function interface of channel, and be inserted into before the position found write in advance for android system application software Between communications conduit each function interface interception code, wherein, communications conduit include four kinds of channels:Intent、 ContentProvider, SharedPreferences are stored and external storage;
The privacy authority collection that (4b) defines android system is combined into SP, the authority set of application software PERCOM peripheral communication is combined into ST, Wherein, PERCOM peripheral communication mode includes short message, network and bluetooth;
The interception code of (4c) collusion attack management module is after android system startup, when the application of user installation is soft Part A calls the function interface of communications conduit between application software, and while passing data to the application software B of user installation is touched Hair, intercepts whether at least code inquires that there are the names of the application software of a user installation in malicious application software database Claim, if so, android system returns to the execution flow of application software script, otherwise, intercept code the application of user installation is soft Part obtains the authority information deposit privacy authority set S that user privacy information needs are appliedP, while the application of user installation is soft Part carries out the authority information that PERCOM peripheral communication needs are applied and is stored to PERCOM peripheral communication permission set ST
The authority set that (4d) defines the application software A of user installation is combined into SA, the authority set of the application software B of user installation It is combined into SB
The authority information of the application software A of user installation is stored in permission by the code that intercepts of (4e) collusion attack management module Set SA, while the authority information of the application software B of user installation is stored in permission set SB, and judge SP、ST、SAAnd SBWhether Meet the pre-defined collusion attack rules of competence simultaneously, if so, the data that null value is replaced function interface to transmit by code are intercepted, As the return value of function interface, the interception to Content of Communication is realized, and the title of application software A and application software B are added Into malicious application software database, otherwise android system returns to the execution flow of application software script.
Compared with prior art, the present invention it has the following advantages that:
(1) present invention is inserted into before the function interface of inter-application communication channel and intercepts code, and sets collusion attack permission Rule when the application software for meeting the collusion attack rules of competence carries out inter-application communication, intercepts code and replaces application with null value Between communications conduit function interface return value, realize the interception to Content of Communication, compared with prior art, user privacy information Protection is more comprehensively;
(2) application software of user installation is classified as normal use software and malice by the present invention by data digging method Application software is inserted into before the function interface for being related to user privacy information and intercepts code, when malicious application software transfer is related to The function interface of user privacy information, the return of false value replacement function interface for intercepting code null value or generating at random Value, realizes the interception to user privacy information, compared with prior art, can realize that accuracy is higher to privacy of user data It is autonomous to intercept.
Description of the drawings
Fig. 1 is the realization flow chart of the present invention;
Fig. 2 is the expression figure of eigenvectors matrix in the present invention;
Fig. 3 is the interception daily record figure of privacy information management module in the present invention;
Fig. 4 is the interception daily record figure of collusion attack management module in the present invention.
Specific embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, below in conjunction with attached drawing and specific implementation Example, the present invention is further described in detail.
The guard method of user privacy information stored in reference Fig. 1, a kind of Android, is by being mounted on intelligent sliding XMonitor systems in dynamic terminal realize that the system includes application class module, privacy information management module and collusion attack Management module, specific implementation step are:
Step 1) is obtained using sample set model file:
Step 1a) the application sample set for including malicious application sample set and normal use sample set is collected from network, and From this using the authority information set that application software is extracted in sample set, construction feature vector set;
Step 1a1) all permissions information of android system offer is numbered:
Due to the character string that authority information is made of English alphabet, according to the lexicographic order of A to Z to Android The all permissions information that system provides is arranged, and all authority informations arranged are numbered, and obtains all permissions The corresponding permission number P of informationj
Step 1a2) as shown in Fig. 2, defined feature vector matrix M:
Using the type of the application software in application sample set as last row of matrix M, all permissions information is corresponded to Permission number PjAccording to being ranked sequentially from small to large, remaining row of different rights number as matrix M are obtained, using sample The application software A of concentrationiAs the row of matrix M, the expression formula of eigenvectors matrix M is obtained:
M={ mij,ti(p+1)|1≤i≤n,1≤j≤p}
Wherein mijIt represents using the application software A in sample setiIt is P in permission numberjAuthority credentials, ti(p+1)Representing should With the application software A in sample setiTypes value, the line number of i representing matrixes M, the row number of j representing matrixes M, n represented using sample The number of this pooled applications software, p represent the number for all permissions information that android system provides;
Step 1a3) as the application software A in application sample setiWith permission number PjCorresponding authority information, by mijIt assigns It is 1 to be worth, the application software A in application sample setiWithout permission number PjCorresponding authority information, by mij0 is assigned a value of, when Using the application software A in sample setiFor malicious application software, by ti(p+1)1 is assigned a value of, when the application in application sample set is soft Part AiFor normal use software, by ti(p+1)0 is assigned a value of, obtains eigenvectors matrix M, and using eigenvectors matrix M as feature Vector set;
Step 1b) set of eigenvectors is trained using random forest grader, be applied sample set model file, It and will be in the model file built-in application sort module;
Integrated study can often be obtained and be shown than single learner by the way that multiple learners are combined in existing machine learning Write superior performance.Random forest is an extension variant of parallel type integrated study Bagging, it is using decision tree as base On the basis of habit device structure Bagging is integrated, further random feature selection is introduced in the training process of decision tree.Its letter It is single, easy to implement, computing cost is small, powerful performance is shown in many realistic tasks, and also show in the present invention Go out effect more better than other single graders, thus the present embodiment using random forest as grader;
Step 2) application class module is by classifying to the application software of installation using sample set model file:
Step 2a) malicious application software database is created, for storing the application software title for being judged as malice;
Step 2b) AndroidManifest.xml file progress of the application class module to the application software of user installation Parsing, the authority information set S for the software application that is applied, and build the feature of the corresponding application software of authority information set S Vector;
Step 2b1) defined feature vector V:
The corresponding permission number P of all permissions information that step (1a1) is obtainedjAccording to being ranked sequentially from small to large, A line is obtained by feature vector V of the different rights number as row, the expression formula of feature vector V is:
V={ vj|1≤j≤p}
Wherein vjRepresent that permission number is PjAuthority credentials, j represents the row number of feature vector V, and p represents that android system carries The number of all permissions information of confession;
Step 2b2) when there are permission number P in authority information set SjCorresponding authority information, by vj1 is assigned a value of, is held power Permission number P is not present in limit information set SjCorresponding authority information, by vj0 is assigned a value of, obtains feature vector V, and by feature Feature vectors of the vectorial V as the corresponding application software of authority information set S;
Step 2c) application class module according to apply sample set model file, pass through application using random forest grader The feature vector of software classifies to the application software of user installation, obtains malicious application software or normal use software, And the title of malicious application software is added in malicious application software database;
Step 3) privacy information management module is monitored the user privacy information stored in android system, and right The behavior that malicious application software obtains user privacy information is intercepted:
Step 3a) privacy information management module is when android system starts, user involved in lookup android system The position of the function interface of privacy information, and be inserted into before the position found write in advance for depositing in android system The interception code of each function interface for being related to user privacy information of storage, wherein, it is whole that user privacy information includes intelligent mobile Associated person information, message registration, equipment mark code, the browser stored on end browses record, the travel information on calendar, more matchmakers Body file and the current geographical location information of mobile terminal;
Step 3b) interception code in privacy information management module after android system startup, when user installation should It is related to being triggered during the function interface of user privacy information with software transfer, intercepts code and looked into malicious application software database The title of the application software with the presence or absence of user installation is ask, if so, intercepting what code was generated by null value or using random function Falseness value replaces the privacy information that function interface provides originally, and as the return value of function interface, realizes to privacy information It intercepts, otherwise android system returns to the execution flow of application software script;
Step 4) privacy information management module is intercepted for single malicious application software, can't resolve two applications Software obtains user privacy information by collusion attack, but two application software need to transmit user during collusion attack Privacy information, for this feature, collusion attack management module is logical between the application software of user installation in android system Letter content is monitored, and the Content of Communication for meeting the collusion attack rules of competence is intercepted:
Step 4a) collusion attack management module is when android system starts, between lookup android system application software The position of the function interface of communications conduit, and be inserted into before the position found write in advance for android system application The interception code of each function interface of communications conduit between software, wherein, communications conduit includes four kinds of channels:Intent、 ContentProvider, SharedPreferences are stored and external storage;
Step 4b) the privacy authority collection that defines android system is combined into SP, the authority set of application software PERCOM peripheral communication is combined into ST, wherein, PERCOM peripheral communication mode includes short message, network and bluetooth;
Step 4c) collusion attack management module interception code android system startup after, when the application of user installation Software A calls the function interface of communications conduit between application software, and while passing data to the application software B of user installation is touched Hair, intercepts whether at least code inquires that there are the names of the application software of a user installation in malicious application software database Claim, if so, android system returns to the execution flow of application software script, otherwise, intercept code the application of user installation is soft Part obtains the authority information deposit privacy authority set S that user privacy information needs are appliedP, while the application of user installation is soft Part carries out the authority information that PERCOM peripheral communication needs are applied and is stored to PERCOM peripheral communication permission set ST
Step 4d) authority set of application software A that defines user installation is combined into SA, the power of the application software B of user installation Limit collection is combined into SB
Step 4e) authority information of the application software A of user installation is stored in by the code that intercepts of collusion attack management module Permission set SA, while the authority information of the application software B of user installation is stored in permission set SB, and judge SP、ST、SAAnd SB Whether the pre-defined collusion attack rules of competence are met simultaneously, if so, intercept code replaces what function interface transmitted by null value Data as the return value of function interface, realize the interception to Content of Communication, and by the title of application software A and application software B It is added in malicious application software database, otherwise android system returns to the execution flow of application software script;
Judge SP、ST、SAAnd SBWhether meet the pre-defined collusion attack rules of competence simultaneously, refer to:
Wherein, SPRepresent the privacy authority set of android system, STRepresent the permission set of application software PERCOM peripheral communication, SARepresent the permission set of the application software A of user installation, SBRepresent the permission set of the application software B of user installation,It represents Empty set, formula (1) represent SAWith SPIntersection for empty set, i.e. the application software A of user installation has the application software of user installation The permission that user privacy information needs are applied is obtained, formula (2) represents SAWith STIntersection for empty set, i.e. the application of user installation is soft The application software that part A does not have user installation carries out the permission that PERCOM peripheral communication needs are applied, formula (3) represents SBWith STIntersection not For empty set, i.e. there is the application software B of user installation the application software of user installation to carry out the permission that PERCOM peripheral communication needs are applied, Formula (4) represents SBWith SPIntersection for empty set, i.e. the application software that the application software B of user installation does not have user installation obtains The permission that user privacy information needs are applied, formula (2) and formula (4) are the segmentations for collusion attack, while are missed to reduce The rule sentenced rate and added.
The effect of the present invention can be further illustrated by following experiment:
1st, experimental development environment and tool
All experiments of the present invention save as 6G inside, and processor is Intel (R) CoreTMI5-3210M 2.50GHz's It is completed in Win7 systems, collects normal use software sample collection and structure using the use of sample set corresponding set of eigenvectors Python, remaining operates with Java language, and developing instrument is Eclipse and Android Studio.
2nd, experiment content and result
Experiment 1, this experiment obtains private data to test the privacy information management module of the present invention by malicious application, hidden Private information management module obtains the malicious application software installed on mobile phone the interception that the behavior of user privacy information is intercepted Daily record such as Fig. 3, log content include the privacy of user letter that the function interface of malicious application software transfer and function interface are related to Breath.
Experiment 2, this experiment between application software by being communicated come the collusion attack management module for testing the present invention, collusion Attack management module interception daily record such as Fig. 4 that two application software there are collusion attack on mobile phone are intercepted, in daily record Hold the title for including application software both sides and the communications conduit and communication position of application software both sides.

Claims (4)

1. the guard method of the user privacy information stored in a kind of Android, which is characterized in that be by being mounted on intelligent sliding XMonitor systems in dynamic terminal realize that the system includes application class module, privacy information management module and collusion attack Management module, specific implementation step are:
(1) it obtains using sample set model file:
(1a) collects the application sample set for including malicious application sample set and normal use sample set from network, and from the application The authority information set of application software, construction feature vector set are extracted in sample set;
(1b) is trained set of eigenvectors using Data Mining Classification device, and be applied sample set model file, and should In model file built-in application sort module;
(2) application class module is by classifying to the application software of installation using sample set model file:
(2a) creates malicious application software database, for storing the application software title for being judged as malice;
(2b) application class module parses the AndroidManifest.xml files of the application software of user installation, obtains To the authority information set S of application software application, and build the feature vector of the corresponding application software of authority information set S;
(2c) application class module is according to application sample set model file, the spy for passing through application software using Data Mining Classification device Sign vector classifies to the application software of user installation, obtains malicious application software or normal use software, and will malice The title of application software is added in malicious application software database;
(3) privacy information management module is monitored the user privacy information stored in android system, and to malicious application The behavior that software obtains user privacy information is intercepted:
(3a) privacy information management module searches user privacy information involved in android system when android system starts Function interface position, and being related to for what is stored in android system of writing in advance is inserted into before the position found The interception code of each function interface of user privacy information, wherein, user privacy information includes storing on intelligent mobile terminal Associated person information, message registration, equipment mark code, browser browsing record, the travel information on calendar, multimedia file and The current geographical location information of mobile terminal;
Interception code in (3b) privacy information management module is after android system startup, when the application software of user installation Calling be related to being triggered during the function interface of user privacy information, intercept code inquired in malicious application software database whether There are the title of the application software of user installation, if so, intercepting code by null value or the false value generated using random function Instead of the privacy information that function interface provides originally, and as the return value of function interface, realize the interception to privacy information, it is no Then android system returns to the execution flow of application software script;
(4) Content of Communication of the collusion attack management module between the application software of user installation in android system is monitored, And the Content of Communication for meeting the collusion attack rules of competence is intercepted:
(4a) collusion attack management module searches communications conduit between android system application software when android system starts Function interface position, and leading between android system application software of writing in advance is inserted into before the position found Believe the interception code of each function interface of channel, wherein, communications conduit includes four kinds of channels:Intent、 ContentProvider, SharedPreferences are stored and external storage;
The privacy authority collection that (4b) defines android system is combined into SP, the authority set of application software PERCOM peripheral communication is combined into ST, wherein, PERCOM peripheral communication mode includes short message, network and bluetooth;
The interception code of (4c) collusion attack management module is after android system startup, when the application software A tune of user installation With the function interface of communications conduit between application software, and while passing data to the application software B of user installation, is triggered, and intercepts Whether code is inquired in malicious application software database at least there are the title of the application software of a user installation, if so, Android system returns to the execution flow of application software script, otherwise, intercepts code and the application software of user installation is obtained use The authority information deposit privacy authority set S that family privacy information needs are appliedP, while the application software progress of user installation is outer Portion's communication needs the authority information applied to be stored to PERCOM peripheral communication permission set ST
The authority set that (4d) defines the application software A of user installation is combined into SA, the authority set of the application software B of user installation is combined into SB
The authority information of the application software A of user installation is stored in permission set by the code that intercepts of (4e) collusion attack management module SA, while the authority information of the application software B of user installation is stored in permission set SB, and judge SP、ST、SAAnd SBWhether simultaneously Meet the pre-defined collusion attack rules of competence, if so, the data that null value is replaced function interface to transmit by code are intercepted, as The return value of function interface realizes the interception to Content of Communication, and the title of application software A and application software B is added to evil It anticipates in application of software data library, otherwise android system returns to the execution flow of application software script.
2. the guard method of the user privacy information stored in Android according to claim 1, which is characterized in that step Suddenly construction feature vector set described in (1a) realizes that step is:
The all permissions information that (1a1) provides android system is numbered:
The all permissions information provided in alphabetical order android system arranges, and to all permissions arranged Information is numbered, and obtains the corresponding permission number P of all permissions informationj
(1a2) defined feature vector matrix M:
Using the type of the application software in application sample set as last row of matrix M, by the corresponding power of all permissions information Limit number PjAccording to being ranked sequentially from small to large, remaining row of different rights number as matrix M are obtained, using in sample set Application software AiAs the row of matrix M, the expression formula of eigenvectors matrix M is obtained:
M={ mij,ti(p+1)|1≤i≤n,1≤j≤p}
Wherein mijIt represents using the application software A in sample setiIt is P in permission numberjAuthority credentials, ti(p+1)It represents using sample The application software A of concentrationiTypes value, the line number of i representing matrixes M, the row number of j representing matrixes M, n represented using in sample set The number of application software, p represent the number for all permissions information that android system provides;
(1a3) is as the application software A in application sample setiWith permission number PjCorresponding authority information, by mij1 is assigned a value of, when Using the application software A in sample setiWithout permission number PjCorresponding authority information, by mij0 is assigned a value of, when using sample The application software A of concentrationiFor malicious application software, by ti(p+1)1 is assigned a value of, the application software A in application sample setiIt is normal Application software, by ti(p+1)0 is assigned a value of, obtains eigenvectors matrix M, and using eigenvectors matrix M as set of eigenvectors.
3. the guard method of the user privacy information stored in Android according to claim 1, which is characterized in that step Suddenly the feature vector of the corresponding application software of authority information set S is built described in (2b), realizes that step is:
(2b1) defined feature vector V:
The corresponding permission number P of all permissions information that step (1a1) is obtainedjAccording to being ranked sequentially from small to large, one is obtained By different rights number as the feature vector V arranged, the expression formula of feature vector V is row:
V={ vj|1≤j≤p}
Wherein vjRepresent that permission number is PjAuthority credentials, j represents the row number of feature vector V, and p represents what android system provided The number of all permissions information;
(2b2) is when there are permission number P in authority information set SjCorresponding authority information, by vj1 is assigned a value of, works as authority information Permission number P is not present in set SjCorresponding authority information, by vj0 is assigned a value of, obtains feature vector V, and by feature vector V Feature vector as the corresponding application software of authority information set S.
4. the guard method of the user privacy information stored in Android according to claim 1, which is characterized in that step Suddenly judge S described in (4e)P、ST、SAAnd SBWhether meet the pre-defined collusion attack rules of competence simultaneously, refer to:
Wherein, SPRepresent the privacy authority set of android system, STRepresent the permission set of application software PERCOM peripheral communication, SATable Show the permission set of the application software A of user installation, SBRepresent the permission set of the application software B of user installation,Represent empty Collection, formula (1) represent SAWith SPIntersection for empty set, i.e. the application software that the application software A of user installation has user installation obtains The permission that user privacy information needs is taken to apply, formula (2) represent SAWith STIntersection be empty set, i.e. user installation application software A Application software without user installation carries out the permission that PERCOM peripheral communication needs are applied, formula (3) represents SBWith STIntersection for sky There is the application software of user installation to carry out the permission that PERCOM peripheral communication needs are applied, formula by collection, i.e. the application software B of user installation (4) S is representedBWith SPIntersection for empty set, i.e. the application software that the application software B of user installation does not have user installation is obtained and is used The permission that family privacy information needs are applied.
CN201810024121.8A 2018-01-10 2018-01-10 Method for protecting user privacy information stored in Android Active CN108229158B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810024121.8A CN108229158B (en) 2018-01-10 2018-01-10 Method for protecting user privacy information stored in Android

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810024121.8A CN108229158B (en) 2018-01-10 2018-01-10 Method for protecting user privacy information stored in Android

Publications (2)

Publication Number Publication Date
CN108229158A true CN108229158A (en) 2018-06-29
CN108229158B CN108229158B (en) 2019-12-24

Family

ID=62641715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810024121.8A Active CN108229158B (en) 2018-01-10 2018-01-10 Method for protecting user privacy information stored in Android

Country Status (1)

Country Link
CN (1) CN108229158B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109787945A (en) * 2017-11-15 2019-05-21 武汉斗鱼网络科技有限公司 The implementation method and device of nest in a kind of android system
CN110309628A (en) * 2019-05-24 2019-10-08 北京指掌易科技有限公司 A kind of method of the safe sharing of mobile terminal application
CN110309646A (en) * 2019-06-28 2019-10-08 广州小鹏汽车科技有限公司 Personal information protecting method, protective device and vehicle
CN111131189A (en) * 2019-12-09 2020-05-08 维沃移动通信有限公司 Data protection method and electronic equipment
CN111984434A (en) * 2020-06-23 2020-11-24 北京智慧章鱼科技有限公司 Cross-process data reading and writing method and device based on android system and storage medium
CN113190836A (en) * 2021-03-29 2021-07-30 贵州电网有限责任公司 Web attack behavior detection method and system based on local command execution
CN113282909A (en) * 2021-05-11 2021-08-20 南京大学 Equipment fingerprint information acquisition item identification method
CN113449332A (en) * 2020-03-24 2021-09-28 中国电信股份有限公司 Access right monitoring method and device and computer readable storage medium
CN116561808A (en) * 2023-07-05 2023-08-08 北京瑞莱智慧科技有限公司 Security determination method, device, equipment and medium for secure multiparty calculation
CN117313110A (en) * 2023-11-27 2023-12-29 北京网藤科技有限公司 Method and system for protecting integrity and running state of software

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140093121A1 (en) * 2012-10-01 2014-04-03 Fujitsu Limited Image processing apparatus and method
US8837738B2 (en) * 2011-04-08 2014-09-16 Arizona Board Of Regents On Behalf Of Arizona State University Methods, systems, and apparatuses for optimal group key management for secure multicast communication
CN105653979A (en) * 2015-12-29 2016-06-08 银江股份有限公司 Code injection based privacy information protection method
JP5974463B2 (en) * 2011-11-29 2016-08-23 富士通株式会社 Digital watermark embedding device, digital watermark embedding method, digital watermark detection device, and digital watermark detection method
CN106845240A (en) * 2017-03-10 2017-06-13 西京学院 A kind of Android malware static detection method based on random forest
CN106997434A (en) * 2017-03-28 2017-08-01 西安电子科技大学 Secret protection module and guard method based on android system
CN107153789A (en) * 2017-04-24 2017-09-12 西安电子科技大学 The method for detecting Android Malware in real time using random forest grader
CN107463847A (en) * 2017-09-18 2017-12-12 中国民航大学 A kind of authority collusion attack detection method under android system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8837738B2 (en) * 2011-04-08 2014-09-16 Arizona Board Of Regents On Behalf Of Arizona State University Methods, systems, and apparatuses for optimal group key management for secure multicast communication
JP5974463B2 (en) * 2011-11-29 2016-08-23 富士通株式会社 Digital watermark embedding device, digital watermark embedding method, digital watermark detection device, and digital watermark detection method
US20140093121A1 (en) * 2012-10-01 2014-04-03 Fujitsu Limited Image processing apparatus and method
CN105653979A (en) * 2015-12-29 2016-06-08 银江股份有限公司 Code injection based privacy information protection method
CN106845240A (en) * 2017-03-10 2017-06-13 西京学院 A kind of Android malware static detection method based on random forest
CN106997434A (en) * 2017-03-28 2017-08-01 西安电子科技大学 Secret protection module and guard method based on android system
CN107153789A (en) * 2017-04-24 2017-09-12 西安电子科技大学 The method for detecting Android Malware in real time using random forest grader
CN107463847A (en) * 2017-09-18 2017-12-12 中国民航大学 A kind of authority collusion attack detection method under android system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
俞航坚: "《中国优秀硕士学位论文全文数据库信息科技辑(月刊)》", 31 May 2016 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109787945B (en) * 2017-11-15 2021-09-07 武汉斗鱼网络科技有限公司 Method and device for realizing user component in Android system
CN109787945A (en) * 2017-11-15 2019-05-21 武汉斗鱼网络科技有限公司 The implementation method and device of nest in a kind of android system
CN110309628A (en) * 2019-05-24 2019-10-08 北京指掌易科技有限公司 A kind of method of the safe sharing of mobile terminal application
CN110309628B (en) * 2019-05-24 2021-06-01 北京指掌易科技有限公司 Method for safely sharing application of mobile terminal
CN110309646A (en) * 2019-06-28 2019-10-08 广州小鹏汽车科技有限公司 Personal information protecting method, protective device and vehicle
CN111131189A (en) * 2019-12-09 2020-05-08 维沃移动通信有限公司 Data protection method and electronic equipment
CN113449332A (en) * 2020-03-24 2021-09-28 中国电信股份有限公司 Access right monitoring method and device and computer readable storage medium
CN111984434A (en) * 2020-06-23 2020-11-24 北京智慧章鱼科技有限公司 Cross-process data reading and writing method and device based on android system and storage medium
CN111984434B (en) * 2020-06-23 2024-04-02 北京智慧章鱼科技有限公司 Cross-process data read-write method and device based on android system and storage medium
CN113190836A (en) * 2021-03-29 2021-07-30 贵州电网有限责任公司 Web attack behavior detection method and system based on local command execution
CN113282909A (en) * 2021-05-11 2021-08-20 南京大学 Equipment fingerprint information acquisition item identification method
CN113282909B (en) * 2021-05-11 2024-04-09 南京大学 Equipment fingerprint information acquisition item identification method
CN116561808A (en) * 2023-07-05 2023-08-08 北京瑞莱智慧科技有限公司 Security determination method, device, equipment and medium for secure multiparty calculation
CN116561808B (en) * 2023-07-05 2023-09-15 北京瑞莱智慧科技有限公司 Security determination method, device, equipment and medium for secure multiparty calculation
CN117313110A (en) * 2023-11-27 2023-12-29 北京网藤科技有限公司 Method and system for protecting integrity and running state of software

Also Published As

Publication number Publication date
CN108229158B (en) 2019-12-24

Similar Documents

Publication Publication Date Title
CN108229158A (en) A kind of guard method of the user privacy information stored in Android
CN104766012B (en) The data safety dynamic testing method and system followed the trail of based on dynamic stain
Yu et al. Deescvhunter: A deep learning-based framework for smart contract vulnerability detection
Narayanan et al. Context-aware, adaptive, and scalable android malware detection through online learning
Xi et al. Deepintent: Deep icon-behavior learning for detecting intention-behavior discrepancy in mobile apps
Andow et al. Uiref: analysis of sensitive user inputs in android applications
Lee et al. A novel approach for event detection by mining spatio-temporal information on microblogs
Zhu et al. Android malware detection based on multi-head squeeze-and-excitation residual network
JP6838560B2 (en) Information analysis system, information analysis method, and program
CN109614795B (en) Event-aware android malicious software detection method
CN105045715B (en) Leak clustering method based on programming mode and pattern match
CN111586695B (en) Short message identification method and related equipment
CN107832618A (en) A kind of SQL injection detecting system and its method based on fine granularity control of authority
CN117375792B (en) Method and device for detecting side channel
CN114036059A (en) Automatic penetration testing system and method for power grid system and computer equipment
CN112817877A (en) Abnormal script detection method and device, computer equipment and storage medium
US20150310199A1 (en) Secure data entry
Rahman et al. Permpress: Machine learning-based pipeline to evaluate permissions in app privacy policies
CN109344614A (en) A kind of Android malicious application online test method
CN105631336A (en) System and method for detecting malicious files on mobile device, and computer program product
CN107239387A (en) A kind of data exception detection method and terminal
Singh et al. Understanding research trends in android malware research using information modelling techniques
CN106020923A (en) SELinux strategy compiling method and system
CN116167057B (en) Code dynamic safe loading method and device based on key code semantic detection
CN116778306A (en) Fake object detection method, related device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant