基于IPv6无线网络智能终端的恶意代码研究

With the wide application of intelligent terminals and the exhaustion of IPv4 addresses, intelligent terminals are destined to support for IPv6. In the future people's daily lives will be increasingly dependent on intelligent terminal platform in IPv6 wireless networks. Therefore, the information security issues on this platform are extremely crucial. It has a long-term practical value for us to study malicious codes on intelligent terminals in IPv6 wireless networks. This project mainly investigates various malicious codes on intelligent terminals in IPv6 wireless networks. At first, we assess their harmfulness, and clarify their transmission mechanism. Then partial differential equations on the connected topological space are used to build a model for their transmission. Afterwards we bring forth a series of novel methods to detect them. These methods involve the method based on the orbit decomposition theorem in Algebra, the method based on static signatures, the method based on dynamic behaviors together with the judgment function, the Rootkit detection technology, the detection technique based on the baseline process, the sandbox-based detection technology and the hybrid detection method. Finally, we develop an intrusion detection system for the platform of intelligent terminals in IPv6 wireless networks. This project provides experimental and theoretical fundamentals for the study of malicious codes on the new platform. Topology, Partial Differential Equation and Abstract Algebra are reasonably applied in the malicious code research area, thus shedding light on the study of information security.

随着智能终端的广泛使用和IPv4地址的枯竭，智能终端对IPv6的支持已是必然的趋势。人们的日常生活会越来越依赖于IPv6无线网络环境下的智能终端平台，从而该平台下的信息安全问题至关重要。因此研究基于IPv6无线网络智能终端的恶意代码具有长远的实用价值。本项目主要研究IPv6无线网络中智能终端上存在的各种恶意代码，评估它们的危害，阐明其传播机制，建立基于连通拓扑空间的偏微分方程的传播模型，提出一系列有效的新检测方法- - 基于代数学轨道分解定理的检测方法、基于静态特征码的检测方法、基于判决函数的动态行为检测方法、Rootkit检测技术、基于基线的进程检测技术、基于沙箱的检测技术、混合检测方法，并实现基于IPv6无线网络智能终端的入侵检测系统。本课题为新平台下恶意代码的研究提供实验和理论依据。把拓扑学、偏微分方程、抽象代数的相关理论合理的引入恶意代码的研究中，为信息安全的研究提供了新思路。

实验表明恶意代码在移动IPv6网络和移动IPv4网络中的危害和行为一样。我们主要研究了无线网络中智能终端Android系统上存在的各种恶意代码，系统分析了Android软件的权限、控制流程图和系统调用在恶意软件检测中的应用，提出了利用这些特征基于机器学习算法的综合检测方法和只利用系统调用的动态检测方法，其中包括采用Markov转移概率矩阵和共生矩阵来提取特征的不同方法。同时我们阐明了移动智能终端上恶意软件的传播机制，建立了基于偏微分方程和随机过程的传播模型，并进行了平稳性分析。此外，我们还扩展研究了智能移动终端的钓鱼网站检测技术和混合移动应用的安全问题，包括代码注入攻击、地理位置泄露、触摸劫持攻击、重打包攻击和本地存储攻击。新的解决方案适用于IPv6网络和IPv4网络。已发表论文9篇(含已录用)，申请专利6项, 培养硕士生6名，参加学术会议5次。