CN108289073A - Android-based app security detection system - Google Patents
Android-based app security detection system
- Publication number: CN108289073A
- Application number: CN201710011621.3A
- Authority: CN (China)
- Prior art keywords: app, safety, detection, android, data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Withdrawn
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
          - G06F21/12—Protecting executable software
            - G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
              - G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
        - G06F21/60—Protecting data
          - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
            - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
        - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection
          - H04L63/1441—Countermeasures against malicious traffic
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- Databases & Information Systems (AREA)
- Bioethics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention, an Android-based APP security detection system, starts from Android-based APP applications, analyses several categories of security problems that are common today, and proposes detection methods and approaches for them. The spread of smart terminals has driven the rapid development of all kinds of APP applications, which greatly facilitate people's work and daily life; but alongside this rapid development, security problems inherent in these applications have also caused great harm to the public: leakage of personal private information, theft of bank accounts, and so on. Only by discovering existing security problems in time can the security of APP applications be improved.
Description
Technical field
The present invention belongs to the technical field of APP security detection on the Android platform.
Background art
With the widespread adoption of smart terminals, all kinds of APP applications have emerged: financial APPs, lifestyle APPs and entertainment APPs are numerous. These APPs greatly facilitate people's lives, making shopping, food ordering, financial services and more available without leaving home; but while bringing great convenience, these APPs also bring a series of security problems, any of which can lead to personal information leakage, financial loss and so on. How to carry out security detection on APP applications and improve APP security has become a problem in urgent need of a solution.
Summary of the invention
Security analysis of Android APP applications: the many APPs in use today face a series of security threats, any of which can cause great losses to the public. The main security problems of APPs fall into the following areas:
1. Program security:
(1) Decompilation and repackaging: because most Android-based APP applications are not protected by packing, an attacker can decompile the APP, insert advertisements, malicious code or viruses, and repackage it. Although the repackaged APP is identical to the legitimate one in performance, user experience and appearance, in the background it quietly carries out malicious behaviour such as stealing user information, hijacking the interface, spying on private data and pushing intrusive advertising;
(2) Android component security: the permission settings of an APP's background services, Content Providers, third-party invocations, broadcasts and other components have security problems, leading to data theft and leakage;
2. Data security:
(1) Log security: logs are produced by the APP itself while it runs and record and monitor how the program is operating; through the logs, the internal running state of the APP can be understood in detail;
(2) Local data storage security: local file storage commonly uses the following methods, each of which also encounters security problems;
SharedPreferences: stores lightweight data as key-value pairs and is used to save small data such as software configuration information; after cracking the APP, an attacker can read and modify the stored values;
File storage: a file (I/O) storage scheme used to store large amounts of data. Content providers, also called ContentProvider, are a data storage method that can be shared across all applications;
SQLite database: an embedded relational database; an attacker can modify some SQL statements or read the data held in the database, leading to leakage of the APP user's information;
3. Data transmission security
(1) Network sniffing and attack: while the APP runs, specific tools can capture the network packets sent or received between the APP and the outside world; once the packets are obtained, the APP's own network protocol can be analysed in order to attack the server, or the packet encryption algorithm can be reverse-engineered;
(2) Login request replay attack: most APPs transmit over HTTP, so the data in network requests is easily sniffed; if the network packets of the login process are subjected to a replay-attack test, the attacker may log in to the system and obtain sensitive user information.
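The login replay problem described in item 3(2) is, at root, a cleartext-transport problem, and the primary fix is TLS with proper certificate validation. The server side can additionally detect and refuse a replayed login even when the packet has been captured. The following is an added example, not part of the patent, of one such scheme: the client signs each request with an HMAC over a timestamp, a one-time nonce and the body, and the server rejects requests whose signature fails, whose timestamp falls outside a freshness window, or whose nonce has already been consumed. The shared key, the window length and the fixed clock are constructed values; a real deployment would provision the key per client at enrolment and use the real clock.

```python
"""Replay-resistant login request verification (added example, not from the patent)."""
import hashlib
import hmac
import secrets

# Constructed shared secret, assumed to be provisioned to the client at enrolment.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
FRESHNESS_WINDOW = 300  # seconds a signed request remains acceptable
FIXED_CLOCK = 1_700_000_000  # constructed "now" so the demo is deterministic


def _message(timestamp: int, nonce: str, body: bytes) -> bytes:
    """Canonical byte string covered by the MAC; newlines separate the fields."""
    return str(timestamp).encode() + b"\n" + nonce.encode() + b"\n" + body


def sign_request(key: bytes, body: bytes, timestamp: int, nonce: str) -> str:
    """Client side: bind body, timestamp and nonce together with HMAC-SHA256."""
    return hmac.new(key, _message(timestamp, nonce, body), hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: verifies signed requests and remembers consumed nonces."""

    def __init__(self, key: bytes, window: int = FRESHNESS_WINDOW, now=lambda: FIXED_CLOCK):
        self._key = key
        self._window = window
        self._now = now
        self._seen = {}  # nonce -> time after which it can be forgotten

    def _prune(self, now: int) -> None:
        # A nonce older than the window would be rejected as stale anyway, so drop it.
        for nonce in [n for n, expiry in self._seen.items() if expiry < now]:
            del self._seen[nonce]

    def verify(self, body: bytes, timestamp: int, nonce: str, signature: str) -> str:
        now = int(self._now())
        self._prune(now)
        expected = sign_request(self._key, body, timestamp, nonce)
        # Check the MAC first so an unauthenticated caller learns nothing about the nonce cache.
        if not hmac.compare_digest(expected, signature):
            return "rejected: bad signature"
        if abs(now - timestamp) > self._window:
            return "rejected: stale timestamp"
        if nonce in self._seen:
            return "rejected: replayed nonce"
        self._seen[nonce] = timestamp + self._window
        return "accepted"


def demo() -> list:
    """Exercise the guard: a fresh request, a replay, a tampered body, a stale request."""
    guard = ReplayGuard(SHARED_KEY)
    body = b'{"user":"alice","pw":"<constructed>"}'  # constructed login body
    ts = FIXED_CLOCK
    nonce = secrets.token_hex(16)
    sig = sign_request(SHARED_KEY, body, ts, nonce)
    results = [
        guard.verify(body, ts, nonce, sig),  # first delivery
        guard.verify(body, ts, nonce, sig),  # byte-for-byte replay of the captured request
        guard.verify(body.replace(b"alice", b"mallory"), ts, nonce, sig),  # body altered after capture
    ]
    old_ts = ts - 2 * FRESHNESS_WINDOW
    old_nonce = secrets.token_hex(16)
    old_sig = sign_request(SHARED_KEY, body, old_ts, old_nonce)
    results.append(guard.verify(body, old_ts, old_nonce, old_sig))  # valid MAC, but too old
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The order of the checks matters: the MAC is verified before the nonce cache is consulted, so a request that was never legitimately signed cannot be used to probe which nonces the server has seen, and the nonce is only recorded once every check has passed.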
Contents of Android APP application security detection technology:
1. Component security detection: detection and analysis of the standard-conforming use of Activity, Broadcast Receiver, Service, ContentProvider, Intent and WebView, to discover component vulnerabilities caused by non-standard use in the program;
2. Code security detection: detection and analysis of code obfuscation, Dex protection, SO protection, resource file protection and the secure handling of code in third-party loaded libraries, to discover vulnerabilities that allow the code to be decompiled and cracked;
3. Memory security detection: detection and analysis of the memory handling and protection mechanisms while the APP runs, to discover whether there is a risk of memory being modified or corrupted;
4. Data security detection: vulnerability detection across data input, data storage, stored data categories, data access control, sensitive data encryption, in-memory data security, data transmission, certificate verification, remote data communication encryption, data transmission integrity, local data communication security, session security, data output, debug information, display of sensitive information and other processes, to discover vulnerabilities in which data is illegitimately invoked, transmitted or stolen during storage and processing;
5. Business security detection: detection and analysis of user login, password management, payment security, identity authentication, timeout settings, exception handling and so on, to discover potential vulnerabilities in business processing;
6. Application management detection:
(1) Download and installation: check whether there is a secure application release channel for users to download from, and check whether the various app markets contain repackaged malicious applications;
(2) Application uninstallation: check whether uninstallation removes everything or leaves data behind;
(3) Version upgrade: check whether online version checking and upgrade functions are available, and check whether the upgrade process is vulnerable to hijacking or spoofing by a third party.
APP application vulnerability security detection technology: as with traditional PC program security detection, vulnerability detection for APP applications is divided into two parts, dynamic detection and static detection;
1. Static detection: static detection mainly uses detection tools to inspect the permission configuration and program code of the APP application; the most common method is decompilation. dex2jar and apktool represent two decompilation approaches: dex2jar decompiles to Java source code, while apktool decompiles to Java assembly code;
Through static decompilation, the configuration and permissions of the APP's components can be analysed and the security of the APP's code inspected; at the same time, analysing the source code reveals the APP's encryption mechanism and data storage locations. Applying static decompilation to the security detection of an APP application allows its security to be analysed to the greatest possible extent;
2. Dynamic detection: besides static detection of the APP application, because of the nature of the detection content and of the APP's own security hardening, dynamic methods can also be used for security detection of the APP application;
(1) Burp Suite: using the Burp Suite tool to set up a proxy server, the HTTP protocol content of the APP application can be inspected and analysed; this method can be used to check whether the APP uses an encrypted transmission mechanism and to test for login replay attacks, among other security checks;
(2) IDA Pro: the dynamic debugging approach can be used to detect APP programs that use packing technology, so that malicious programs embedded in the APP application can be discovered; this is a relatively in-depth security detection method.
Claims (2)
1. An Android-based APP security detection system, wherein the Android APP application security detection content comprises component security detection, code security detection, memory security detection, data security detection, business security detection and application management detection.
2. An Android-based APP security detection system, using the static detection and dynamic detection of APP application vulnerability security detection technology to discover security problems.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710011621.3A CN108289073A (zh) | 2017-01-07 | 2017-01-07 | Android-based app security detection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710011621.3A CN108289073A (zh) | 2017-01-07 | 2017-01-07 | Android-based app security detection system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108289073A true CN108289073A (zh) | 2018-07-17 |
Family
ID=62819129
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710011621.3A Withdrawn CN108289073A (zh) | 2017-01-07 | 2017-01-07 | Android-based app security detection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108289073A (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108920960A (zh) * | 2018-07-26 | 2018-11-30 | 北京盘石信用管理有限公司 | An app security verification method and system |
CN113497743A (zh) * | 2020-04-07 | 2021-10-12 | 陈美章 | A network application monitoring and analysis system and method |
Timeline
- 2017-01-07: CN application CN201710011621.3A filed, published as CN108289073A (zh); status: not active, withdrawn
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Alwan et al. | Detection and prevention of SQL injection attack: a survey | |
Kouliaridis et al. | A survey on mobile malware detection techniques | |
Arshad et al. | Android malware detection & protection: a survey | |
US10447730B2 (en) | Detection of SQL injection attacks | |
KR102368170B1 (ko) | Automated runtime detection of malware | |
Bhandari et al. | Android inter-app communication threats and detection techniques | |
US11973780B2 (en) | Deobfuscating and decloaking web-based malware with abstract execution | |
US9892259B2 (en) | Security protection system and method | |
Skovoroda et al. | Securing mobile devices: malware mitigation methods. | |
Mos et al. | Mobile security: A look into android | |
CN112149123A (zh) | A security inspection system and method for application programs | |
Deng et al. | Lexical analysis for the webshell attacks | |
Albakri et al. | Survey on Reverse‐Engineering Tools for Android Mobile Devices | |
Feng et al. | Defense-in-depth security strategy in LOG4J vulnerability analysis | |
CN108289073A (zh) | Android-based app security detection system | |
Jang et al. | Function‐Oriented Mobile Malware Analysis as First Aid | |
Vigna et al. | Host-based intrusion detection | |
Vasudeo et al. | IMMIX-intrusion detection and prevention system | |
Viljanen | A survey on application level intrusion detection | |
Sharma et al. | Smartphone security and forensic analysis | |
Qi et al. | A comparative study on the security of cryptocurrency wallets in android system | |
Lei et al. | Self-recovery Service Securing Edge Server in IoT Network against Ransomware Attack. | |
Wang et al. | MobileGuardian: A security policy enforcement framework for mobile devices | |
Chen et al. | Identifying threat patterns of android applications | |
Kono et al. | An unknown malware detection using execution registry access |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WW01 | Invention patent application withdrawn after publication | Application publication date: 20180717 |