Cite this article
  • Yi Jiang, Zhenyuan Li, Fan Zhang, Yixin Jiang, Wenqian Xu, Zhihong Liang. Mobile Platform Spyware Defense: Insights, Challenges and Prospects [J]. Journal of Cyber Security, accepted.
  • Yi Jiang, Zhenyuan Li, Fan Zhang, Yixin Jiang, Wenqian Xu, Zhihong Liang. Mobile Spyware and Its Detection: A Survey [J]. Journal of Cyber Security, accepted.
Mobile Platform Spyware Defense: Insights, Challenges and Prospects
Yi Jiang1, Zhenyuan Li1, Fan Zhang1, Yixin Jiang2, Wenqian Xu2, Zhihong Liang2
(1. Zhejiang University; 2. China Southern Power Grid Electric Power Research Institute Co., Ltd.)
Abstract:
With the spread of mobile devices and the growth of their capabilities, the smartphone has replaced the personal computer as the primary tool for processing personal information. It carries large volumes of important or sensitive data and has therefore become the main target of a new generation of cyber attacks, following hosts, cloud platforms and industrial control systems. Around 2010, early mobile platform spyware (such as FlexiSPY and Spyera) began to spread; such programs reside on the mobile device, monitor calls, text messages, social media, e-mail and GPS location, and can control the device remotely. At the same time, the continuous upgrading of mobile hardware and operating systems has given rise to a new generation of spyware, represented by Pegasus, which exploits zero-day vulnerabilities to carry out "zero-click" attacks and exhibits a typical chained, systematic attack pattern, posing a serious threat to global cybersecurity, including that of China. However, protective measures and tools targeting mobile spyware remain scarce: built-in security mechanisms, fragmented active detection techniques and passive offline forensics cannot effectively resist such advanced threats, leaving a marked "asymmetry" between offensive and defensive capabilities. On this basis, this paper systematically surveys and organizes mobile platform spyware along the two dimensions of attack and defense, covering attack techniques (such as penetration, privilege escalation and evasion) and defense mechanisms (such as detection, forensics and tracing). The study analyzes in depth the common shortcomings of existing defense systems and distills three core challenges currently facing the field: the continuous erosion of the trust ecosystem, the inherent contradiction between security and performance, and the complexity of forensics together with its adversarial escalation. To address these challenges, building on the research insights summarized here and drawing on mature experience from the host security domain, the paper further designs, in a forward-looking manner, a real-time mobile attack analysis framework that integrates real-time detection, dynamic forensics and active tracing. The framework aims to drive the transition of mobile security from passive "incident response" to a proactive paradigm of "threat prediction and confrontation", providing useful theoretical support for research and practice in related areas.
Keywords:  mobile computing  spyware  malicious file detection  forensic analysis
Submitted: 2025-07-23  Revised: 2025-09-22
Funding: National Natural Science Foundation of China (General Program, Key Program, Major Program)
Mobile Spyware and Its Detection: A Survey
Yi Jiang1, Zhenyuan Li1, Fan Zhang1, Yixin Jiang2, Wenqian Xu2, Zhihong Liang2
(1.Zhejiang University;2.Electric Power Research Institute)
Abstract:
With the proliferation and enhanced performance of mobile devices, smartphones have replaced personal computers as the primary tools for managing personal information. They carry a vast amount of important or sensitive data, making them a prime target for the next generation of network attacks following PCs, cloud, and industrial control platforms. Around 2010, early mobile platform spyware such as FlexiSPY and Spyera began to gain popularity. These programs reside on mobile devices, monitoring calls, text messages, social media, emails, and GPS locations, and are capable of remotely controlling the device. However, the continuous evolution of mobile hardware and operating systems has catalyzed a new generation of sophisticated spyware, epitomized by Pegasus. This advanced malware leverages zero-day vulnerabilities to execute "zero-click" attacks, demonstrating systematic, chain-like attack patterns that pose a severe threat to global cybersecurity. Current defensive measures, however, are critically inadequate. Built-in security mechanisms, fragmented active detection techniques, and passive offline forensics are unable to effectively counter these advanced threats, leading to a significant "asymmetry" between offensive and defensive capabilities. Against this backdrop, this paper systematically surveys mobile spyware from the dual perspectives of attack and defense. We analyze key attack techniques, including penetration, privilege escalation, and evasion, and examine corresponding defensive mechanisms such as detection, forensics, and tracing. Our study thoroughly investigates the shortcomings of existing defense systems and identifies three core challenges confronting the field: the continuous erosion of the mobile trust ecosystem, the inherent trade-off between security and performance, and the escalating complexity and adversarial nature of digital forensics.
To address these challenges, and drawing upon mature strategies from the host security domain, this paper proactively designs an integrated, real-time mobile attack analysis framework. This framework combines real-time detection, dynamic forensics, and active tracing to shift the mobile security paradigm from passive "incident response" to a proactive model of "threat prediction and confrontation." Ultimately, this work aims to provide beneficial theoretical support for future research and practice in the field of mobile security.
Key words:  mobile computing  spyware  malware detection  forensic analysis