计算机科学与探索 ›› 2017, Vol. 11 ›› Issue (1): 99-105.DOI: 10.3778/j.issn.1673-9418.1509067

• 网络与信息安全 • 上一篇    下一篇

有色Petri网的Android恶意代码建模方法研究

李登辉1+,焦  健1,陈  昕1,宋亚鹏1,肖  庆2   

  1. 1. 北京信息科技大学 计算机学院,北京 100101
    2. 广西师范大学 历史文化与旅游学院,广西 桂林 541001
  • 出版日期:2017-01-01 发布日期:2017-01-10

Research on Modeling Method of Android Malware Based on Colored-Petri Nets

LI Denghui1+, JIAO Jian1, CHEN Xin1, SONG Yapeng1, XIAO Qing2   

  1. 1. College of Computer Science and Technology, Beijing Information Science and Technology University, Beijing 100101, China
    2. College of Historical Culture and Turism, Guangxi Normal University, Guilin, Guangxi 541001, China
  • Online:2017-01-01 Published:2017-01-10

摘要: 针对Android平台的恶意代码分析建模一直是目前移动终端安全的研究重点,对目前常见的恶意代码进行归纳、分类和行为抽取,在对行为进行形式化描述的基础上,提出了一种基于有色Petri网(colored-Petri net,CPN)的恶意代码建模方法,使用该方法能够描述恶意代码从安装、加载到恶意执行的整个过程。最后对恶意软件BeanBot进行建模,并利用CPN Tools仿真工具分析了模型的可达性和有界性等性质。实验表明该方法可以准确地刻画恶意代码的运行过程,有助于对恶意代码的机制进行深入分析。

关键词: 安卓系统, 恶意代码, 颜色Petri网(CPN), 行为建模

Abstract: Analysis and modeling of Android malware is the research emphasis of mobile terminal security. This paper summarizes and classifies the Android malwares, and extracts the behavior. On the basis of formal description of the behavior, this paper proposes a new modeling method of malwares based on colored-Petri net (CPN). The proposed method can help describe the whole process of malwares from installation, loading to malicious execution. Finally, this paper makes modeling for malware BeanBot, and analyzes the reachability and boundedness of the model via CPN Tools. The experimental data show that the proposed method can accurately describe the running process of malwares, and it will help analyze the mechanism of malwares in depth.

Key words: Android, malware, colored-Petri net (CPN), behavior modeling