移动应用的恶意和风险性判定准则及流程研究

Criteria and Process for Maliciousness Malevolence and Risk of Mobile Application

针对移动互联网中存在的恶意应用及风险应用,本文从用户使用、国家监管、网络保障以及运营需求四大角度,设计并详细阐述了对于移动应用的风险判定模型,该模型从网络通信、资源调用、资费扣取、内容使用四个方面对各种应用的使用行为进行归类,并将其行为分为恶意、风险和安全三大类别。之后,基于该模型提出的四个方面,提出移动应用安全判定的通用流程。最后,分析了在一些典型应用中如何使用该流程。

Aiming at the malicious and risk software in the mobile intemet, and from four aspects of consumer use, state supervision, network security and operation requirements is designed and described in detail.This modelclassifies usage behavior of various applications from fields of network communication, resources transfer, tariff deduction and content use, and divides these into three categories, including maliciousness, risk and security behavior. Consequently, based on the four metrics mentioned above, a general process for mobile application security judgment is proposed. Finally, some typical examples on how to apply this process are given.