移动蜜罐MHP 的设计和实现

taptap下载安装安卓学报

移动蜜罐MHP 的设计和实现

谢丽霞，王冲

（taptap下载安装安卓计算机科学与技术学院，天津300300）

收稿日期:2015-06-01 修回日期:2015-07-07 出版日期:2016-10-19 发布日期:2016-12-06
作者简介:谢丽霞（1974—），女，重庆人，副教授，硕士，研究方向为网络与信息安全.
基金资助:
国家科技重大专项（2012ZX03002002）；国家自然科学基金项目（60776807，61179045）；天津市科技计划重点项目（09JCZDJC16800）

Mobile honey pot design and implementation

XIE Lixia, WANG Chong

(College of Computer Science and Technology, CAUC, Tianjin 300300, China)

Received:2015-06-01 Revised:2015-07-07 Online:2016-10-19 Published:2016-12-06

摘要/Abstract

摘要：

针对移动终端恶意软件泛滥的现状，提出一种诱骗、捕获、分析恶意软件的移动蜜罐（mobile honey pot，MHP）技术。MHP 包含3 个核心模块，环境欺骗模块构造出具有诱骗性的安全资源；恶意行为捕获模块通过监听通信端口、扫描系统内存、识别敏感权限来捕获恶意行为；恶意数据分析模块分析捕获数据，识别和定位安全威胁的类型和根源。结果表明：MHP可有效地捕获和识别恶意行为并适于在移动终端部署应用。

关键词: 恶意行为, 移动蜜罐, 欺骗环境, 行为捕获

Abstract:

Aiming at the increasing attacks to intelligent mobile terminals,MHP (mobile honeypot)is proposed to decoy,capture and analyze malwares. MHP contains three kernel modules: the decoy module creates fraudulent environment, the malicious behavior capture module catches malicious behaviors through monitoring communication port, scanning system memory and identifying sensitive permissions and the malicious data analyzing module indentifies the types of security threats. Results show that MHP can capture malicious behavior effectively and is suitable for deploying on mobile terminals.

Key words: malicious behavior, mobile honeypot, fraudulent environment, behaviors intercept

中图分类号:

TP393.08

谢丽霞，王冲. 移动蜜罐MHP 的设计和实现[J]. taptap下载安装安卓学报.

XIE Lixia, WANG Chong. Mobile honey pot design and implementation[J]. .

参考文献 16

[1]	SYMBIAN. Sistema Operacional Symbian[EB/OL]. [2012-03-01].http：//licensing.symbian.org.
[2]	DUNHAM K. Mobile malware attacks and defence[J]. Elsevier, 2009, 7(3): 137-146.[3] SPITZNER L. Honeypot: Tracking Hackers[M]. 北京: 清华大学出版社, 2004: 30-35.
[4]	诸葛建伟, 唐勇,韩心慧.蜜罐技术研究与应用进展[J]. 软件学报,2013, 24(4): 825-842.
[5]	MICHAEL V, JUSTIN M, JAY C, et al. Scalabilit Delity and Containment in the Potemkin Virtual Honeyfarm[C]//Proceedings of the ACMSymposiumon Operating System Principles, USA, 2005: 71-84.
[6]	PROVOS N. Honeyd: A Virtual Honeypot Daemon[R]. Addison-Wesley, 2003: 189-194.
[7]	Nepenhes Readme[EB/OL]. [2009-03-20].
[8]	ZOLFAGHARK, MOHAMMADI S. Securing Bluetooth-Based Payment System Using Honeypot[C]//International Conference on Innovations in Information Technology, San Francisco, 2009: 21-25.
[9]	GOBEL J. Automatic Capturing of Malicious Software[R]. Mannheim:University of Mannheim, 2010.
[10]	SPITZNER L. Honeypots: Catching the InsiderThreat[C]//2003 IEEE Computer Security Applications Conference, California, USA, 2003:170-179.
[11]	MULLINER C, LIEBERGELD S, LANGE M. HoneyDroid-Creating a Smartphone Honeypot[C]//IEEE Symposium on Security and Privacy,USA, 2011: 151-160.
[12]	WAHLISCH M, TRAPP S, KEIL C, et al. First Insights from a Mobile Honeypot[C]//ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication. Helsinki,Finland ACM. 2012: 305-306.
[13]	WAHLISCH M, SCHMIDT T, VORBACH A, et al. Design，Implementation and Operation of a Mobile Honeypot[R]. 2013.
[14]	OCONNOR T. Honeym:A Framework for Implementing Virtual HoneyClients for Mobile Devices [C]//Proceedings of the Third ACM Conference on Wireless Network Security. New York, USA: ACM, 2010: 129-138.
[15]	MULLINER C, LANG S, POSTER M. Honeydroid-Creating A Smartphone Honeypot[C]//IEEE Symposium on Privacy and Security, Poster.Oakland, USA, 2011: 155-158.
[16]	YANG Z. PowerTutor -A Power Monitor for Android -Based Mobile Platforms[R]. Michigan: University of Michigan, 2012.