
Computer Engineering ›› 2018, Vol. 44 ›› Issue (5): 78-82. doi: 10.19678/j.issn.1000-3428.0046075

• Mobile Internet and Communication Technology •

Scalable Security Evaluation Model of Mobile Application Based on Graph

CHEN Lu 1, LIU Xing 2, CHEN Mu 1, LI Nige 1, DAI Zaojian 1

  1. State Grid Key Laboratory of Information and Network Security, Global Energy Interconnection Research Institute Co., Ltd., Nanjing 210003, China; 2. Nanjing NARI Information Communication Technology Co., Ltd., Nanjing 210003, China
  • Received: 2017-02-23 Online: 2018-05-15 Published: 2018-05-15
  • About the authors: CHEN Lu (born 1984), female, engineer, M.S.; main research interests: mobile communications, information security, mobile application security. LIU Xing and CHEN Mu, engineers, M.S.; LI Nige and DAI Zaojian, senior engineers.
  • Funding:

    Science and Technology Project of State Grid Corporation of China, "Research on Key Technologies for Information Security Protection of Electric Power Mobile Applications" (No. SGRIXTKJ[2016]183).

Abstract:

Most current security evaluation methods for mobile applications focus on vulnerability collection and on association mining of malicious sample behaviors, which makes it difficult for them to keep up with the rapid growth in the number of mobile applications. To address this problem, this paper takes security vulnerabilities and attack threats as nodes and builds a mobile application security threat assessment model in the form of an attack graph. The model connects the security vulnerabilities and attack threats of a mobile application according to their relevance; when assessing the application's security threats, it quantifies the vulnerability risk values and takes into account the effect of that relevance on the assessment result. Experimental results show that the model improves the accuracy of mobile application security threat assessment, is suitable for building large-scale mobile application models, and has good scalability.

Key words: mobile application, evaluation model, security vulnerability, attack threat, risk value

CLC Number: