Abstract
To address the security of private information in mobile applications, the author proposes a security analysis method for mobile applications based on user interface (UI) content. First, the method learns what functions a mobile application provides by mining the information on the product's UI, and determines the sensitive permissions the application actually uses by analyzing its code. Second, applications with similar functions are clustered together using the Mean shift algorithm. Finally, based on the principle that products with similar functions should use similar sensitive permissions, the anomaly detection algorithm iForest is used to determine whether a product poses a usage risk. Experimental results show that this method can effectively analyze the security of mobile applications.
Author
何锴琦
HE Kaiqi (Center of Big Data and Network Management, Jilin University, Changchun 130012, China)
Source
《吉林大学学报(理学版)》
CAS
Peking University Core Journals
2023, No. 6, pp. 1395-1400 (6 pages)
Journal of Jilin University:Science Edition
Funding
Natural Science Foundation of Jilin Province (Grant No. 20230101070JC).
Keywords
mobile application
safety
sensitive permission
user interface mining
anomaly detection