摘要
在移动通信技术不断发展的今天,各式各样的应用出现在手机终端,其中最具代表性的业务就是移动支付应用,越来越多的用户选择移动终端进行支付,与此同时移动支付安全风险也日益凸显。文章针对移动用户面临的各类支付威胁,设计了一个基于云平台的移动支付类恶意软件检测系统。通过云端和手机端协作的方式,在云端通过Android模拟器模拟特殊的移动支付场景,在移动支付类APP运行前对其进行敏感行为自动化动态测试,输出并解析运行日志,通过自定义的判定规则判断其是否具有恶意行为,从而能够在恶意行为发生前检测出恶意软件。同时手机端设置了二次打包检测和钓鱼短信检测的功能,帮助用户避免下载山寨恶意软件或登录恶意网址后掉入黑客设置的陷阱从而泄露隐私信息,再辅之以静默安装的检测功能,防止子包在手机后台静默安装逃避系统检测,从而更全面有效地保护用户的移动支付安全。最后通过实验验证了该系统的有效性和实用性。
More and more users choose to use mobile terminals for payment. But at the same time, mobile payment security risks are becoming increasingly prominent. In this paper, based on the analysis of a variety of payment threats users faced, we propose a malware detection system for mobile payment on cloud platform. We use the method of combining cloud terminal with the mobile, and simulate the mobile payment through simulator in the cloud to test the sensitive behaviors before APP running, output and parse operation logs, and judge whether it has malicious behavior through the custom rules, which can detect the malicious software before malicious behaviors happen. We also accompany the function of silently installing testing to prevent sub-package silently installing in mobile phone background to escape system testing, which can protect users' mobile payment security more comprehensively and effectively. Finally, the experiments prove effectiveness and practicability of this system.
出处
《信息网络安全》
2016年第1期59-63,共5页
Netinfo Security
基金
国家自然科学基金[61202352]
江苏省自然科学基金[BK20141404]
中央高校基本科研业务费专项资金[30915011322]
关键词
移动支付
二次打包
恶意软件检测
云平台
mobile payments
secondary packaging
malware detection
cloud platform
