摘要
针对传统的信息泄漏检测技术无法有效检测Android应用中存在的隐式信息泄露的问题,提出了一种将控制结构本体模型与语义网规则语言(SWRL)推理规则相结合的Android隐式信息流(IIF)推理方法。首先,对控制结构中能够产生隐式信息流的关键要素进行分析和建模,建立控制结构本体模型;其次,通过分析隐式信息泄露的主要原因,给出基于严格控制依赖(SCD)隐式信息流的判定规则并将其转换为SWRL推理规则;最后,将添加的控制结构本体实例与推理规则共同导入到推理引擎Jess中进行推理。实验结果表明:所提方法能够推理出多种不同性质的SCD隐式流,公开样本集的测试准确率达到83.3%,且推理耗时在分支数有限时处于合理区间。所提模型方法可有效辅助传统信息泄露检测提升其准确率。
Concerning the problem that the traditional information leakage detection technology can not effectively detect implicit information leakage in Android applications, a reasoning method of Android Implicit Information Flow (IIF) combining control structure ontology model and Semantic Web Rule Language (SWRL) inference rule was proposed. Firstly, the key elements that generate implicit information flow in control structure were analyzed and modeled to establish the control structure ontology model. Secondly, based on the analysis of the main reasons of implicit information leakage, criterion rules of implicit information flow based on Strict Control Dependence (SCD) were given and converted into SWRL inference rules. Finally, control structure ontology instances and SWRL inference rules were imported into the inference engine Jess for reasoning. The experimental results show that the proposed method can deduce a variety of implicit information flow based on SCD with different nature and the testing accuracy of sample set is 83.3%, and the reasoning time is in the reasonable interval when the branch number is limited. The proposed model can effectively assist traditional information leakage detection to improve its accuracy.
出处
《计算机应用》
CSCD
北大核心
2018年第1期61-66,共6页
journal of Computer Applications
基金
国家自然科学基金资助项目(61370065
61502040)
"十二五"国家科技支撑计划项目子课题项目(2015BAK12B03-03)
网络文化与传播重点实验室开放课题项目(ICDDXN001)~~
关键词
Android隐式信息流
控制结构
严格控制依赖
本体
语义网规则语言
Android implicit information flow
control structure
Strict Control Dependence (SCD)
ontology
SemanticWeb Rule Language (SWRL)
