基于意图推断的移动应用威胁感知与抑制研究

Various of mobile applications have been widely used in people’s daily life. While providing convenience for users, the ability to access security sensitive resources of apps pose threats to users' privacy and property security. Due to the complexity of program behavior and the low level of user cognition, existing approaches cannot accurately perceive and suppress the security threat of apps. In this proposal, we first construct programmatic portraits, behavioral portraits, and context portraits based on the combination of dynamic and static analysis technologies. These portraits can depict the sensitive behaviors and their context accurately. Then we try to discover behavior characteristics that can be used to distinguish between normal and malicious intentions, and behavior characteristics that can be used to detect specific intentions such as advertising and navigation. Thus, the intentions of security sensitive behaviors can be inferred based on these characteristics. Finally, the user's intentions are inferred according to the user's behavior and the distances between user's intentions and program's intentions are measured to generate individuality security policies automatically. The security policies are followed based on the introduction of virtual resources and elastic mobile cloud computing. The results produced by this project can fill the semantic gap between program behavior and human intentions, block the behavior of apps that violate the users’ expectations, and provide theoretical and technique support for building a benign and health mobile application ecological environment.

各式各样的移动应用已经融入了人们的生活。移动应用使用敏感资源的能力在为用户提供便利的同时，也对用户的隐私和财产安全造成严重威胁。由于移动应用行为的复杂性和用户认知的局限性，现有方法无法帮助用户准确地感知和抑制来自移动应用的安全威胁。本项目首先通过动静结合的程序分析方法构建程序画像、行为画像和场景画像，实现敏感行为及其相关信息的准确刻画，揭示当前应用“是什么、能干什么”；然后发掘能够区分正常意图和恶意意图的特征，实现敏感行为的意图倾向和具体意图的自动推断，推断当前应用“想干什么”，并通过引入拒识机制来确保推断的准确性；最后，根据用户动作推断用户意图，度量用户意图和程序意图的距离，在此基础上实现个性化、细粒度的移动应用威胁感知与抑制。该项目成果可期自动阻挡移动应用违背用户意愿的行为，为构建良性、健康的移动应用生态环境提供理论和技术支持。

由于移动应用行为的复杂性和用户认知的局限性，现有方法无法帮助用户准确地感知和抑制来自移动应用的安全威胁。为了实现移动应用潜在攻击意图的推断与感知，本项目首先对基于深度学习的主题模型进行了分析总结，在此基础上，提出一种基于词共现信息的主题抽取模型和一种隐含主题信息的生成式文本摘要模型用于意图推断。主题抽取模型使用词嵌入来计算词汇之间的语义相似度，并将该相似度融入到一种噪声双词主题模型中，实验表明本方法能够有效抽取短文本中的主题信息；文本摘要模型能够刻画潜在主题特征并用于指导摘要文本生成方法，使得生成的摘要准确性高于基准模型。针对现有Android恶意代码检测方法容易被绕过的问题，本项目提出一种强对抗性的Android恶意代码检测方法：首先设计实现了一种动静态分析相结合的移动应用行为分析方法，该方法能够破除多种反分析技术的干扰，稳定可靠地提取移动应用的权限信息、防护信息和行为信息；在此基础上，提取出能够抵御模拟攻击的能力特征和行为特征，并利用一个基于长短时记忆网络的模型实现恶意代码检测，实验结果证明该方法能够抵御多种反分析机制的干扰，准确地检测Android恶意代码。在项目执行期间，共发表论文7篇，其中SCI收录1篇，EI收录3篇。获批软件著作权1项，培养硕士研究生3名。