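Authors: 张桢宇 (ZHANG Zhen-yu); 朱东来 (ZHU Dong-lai)[1]; 杨哲慜 (YANG Zhe-min)[1]; 杨珉 (YANG Min)[1] (Software School, Fudan University, Shanghai 201203, China)
Affiliation: [1] Software School, Fudan University (复旦大学软件学院)
Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), 2019, No. 8, pp. 1767-1774, 8 pages
Funding: Supported by the National Natural Science Foundation of China (61602121, 61602123, U1636204, U1736208) and by the National Key Basic Research Development Program of China (2015CB358800)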
Abstract: Anti-analysis techniques are a series of mechanisms used to evade program analysis. Benign application authors use anti-analysis techniques to protect their applications from being cracked by other developers, while malware authors use them to evade detection. However, there has not yet been a systematic study of the influence of anti-analysis techniques on the security of the Android ecosystem. To conduct this study, we design and implement AATPacker, an automated packing tool that can apply four categories of anti-analysis techniques (dynamic code loading, anti-emulator, anti-debug and integrity check) to APK files automatically. We are the first to evaluate the anti-anti-analysis ability of commercial packing services. We conduct our experiment on 239 application samples, which are hardened by AATPacker from 31 original samples with different combinations of anti-analysis techniques. We observe that current anti-anti-analysis research is not yet fully applied in the real Android ecosystem, and that using anti-analysis techniques dramatically hinders the security checks at each stage of the Android ecosystem. When anti-analysis techniques are applied, the detection rate of malware decreases significantly; on the other hand, benign applications may be falsely detected. Among all the anti-analysis techniques, dynamic code loading has the greatest impact on the security of the Android ecosystem.
Classification code: TP311 [Automation and Computer Technology: Computer Software and Theory]