| 摘要: |
| 随着移动应用(App)的广泛使用,移动应用的安全事件也频频发生。从数以亿计的移动应用中准确地识别出潜在的安全隐患成为了信息安全领域重要的难题之一。移动应用数量级增长的同时,也产生了海量的应用安全数据。这些数据使得移动应用的安全解析成为了可能。本文分别从用户界面解析、重打包应用检测、应用功能与安全行为一致性检测、基于上下文的恶意行为检测、终端用户应用管理和使用行为分析这五个方面介绍了移动应用安全解析学目前的成果。同时,基于以上的研究成果,对未来的研究方向进行了展望,并讨论了这些研究方向面临的挑战。 |
| 关键词: 移动安全 数据解析 机器学习 程序分析 |
| DOI:10.19363/j.cnki.cn10-1380/tn.2016.02.001 |
| 投稿时间:2016-03-08修订日期:2016-04-26 |
| 基金项目:本文工作得到国家科技部863计划项目(2015AA01A202);国家自然科学基金委创新群体项目(61421091);海外合作基金项目(61529201)和国家自然科学基金青年-面上连续资助项目(61370020);美国自然科学基金(CNS-1513939);谷歌教授研究奖的资助。 |
|
| Security Analytics for Mobile Apps: Achievements and Challenges |
| YANG Wei,XIAO Xusheng,LI Dengfeng,LI Huoran,LIU Xuanzhe,WANG Haoyu,GUO Yao,XIE Tao |
| Department of Computer Science, University of Illinois at Urbana-Champaign, Urbana, 61801, USA;NEC Laboratories America, Princeton, 08540, USA;School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China |
| Abstract: |
| With the increasing popularity of mobile apps, security incidents of mobile apps frequently occur. Accurately identifying security threats among billions of mobile apps has become an important and difficult topic in information security. In the meantime, the increasing number of mobile apps leads to a massive amount of mobile security data, which enables security analytics for mobile apps. In this article, we illustrate recent research achievements on mobile security analytics from five different perspectives:User Interface (UI) analytics, identification of repackage apps, consistency checking between apps functionality and security behaviors, context-sensitive detection of malicious behaviors, and client app management/usage. We also discuss future directions on security analytics for mobile apps, along with challenges in these directions. |
| Key words: mobile security data analytics machine learning program analysis |
