NGB TVOS Malicious Application Detection Method Based on Function Call Graph Analysis
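  • English title: Analyzing function call graphs for detecting malicious NGB TVOS applications
  • Authors: 王继刚; 李媛媛; 高珍祯; 王伟
  • Authors (English): WANG Jigang; LI Yuanyuan; GAO Zhenzhen; WANG Wei; Zhongxing Telecommunication Equipment Corporation; Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University
  • Keywords: information security; NGB TVOS; function call graph; malicious application detection; classification algorithm
  • Keywords (English): information security; NGB TVOS; function call graph; malicious app detection; classification algorithm
  • Journal code (Chinese): BFJT
  • Journal name (English): Journal of Beijing Jiaotong University
  • Affiliations: Zhongxing Telecommunication Equipment Corporation; Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University
  • Publication date: 2019-04-15
  • Publisher: Journal of Beijing Jiaotong University
  • Year: 2019
  • Issue: v.43; No.204
  • Funding: National Key R&D Program of China (2017YFB0802805); ZTE Industry-University-Research Cooperation (K17L00190); National Natural Science Foundation of China (U1736114)
  • Language: Chinese
  • Pages: BFJT201902002
  • Page count: 9
  • CN: 02
  • ISSN: 11-5258/U
  • Classification number: 13-21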
Abstract
TVOS is a new-generation smart TV operating system independently developed in China, with independent intellectual property rights, designed to be manageable, controllable, secure and efficient. The app store built into TVOS is the only way to install TVOS applications (apps), which in turn places higher requirements on detecting malicious applications (malapps). Unlike Android apps, TVOS apps do not involve many permissions and hardware calls. We therefore use the function call graph (FCG) as a feature to compensate for the limited ability of permissions, API calls and similar features to characterize TVOS apps. The method uses a kernel-based analysis and a graph-similarity-based analysis to extract the structural information of a TVOS app as features, and trains and classifies with three machine learning algorithms: SVM, RF and KNN. Experimental results show that the proposed FCG-based NGB TVOS malapp detection method can effectively detect malapps on TVOS, with a detection rate of up to 98.38%.
