The rapid development of Internet and mobile communication technology, together with the continuous upgrading of mobile devices, has made the mobile Internet part of daily life. In the mobile Internet environment, people can obtain information and services from the Internet through smart terminals, and can identify and verify personal information more conveniently. While it brings convenience, the mobile Internet environment also exposes users' information to the risk of disclosure. Personal smartphones, tablets and other mobile smart terminal devices store a lot of sensitive user information, such as account passwords, communication records, and voice messages. Once private information is obtained by malicious adversaries, the user's daily life will be disrupted and the user may even suffer property losses. With new human-computer interaction modes, attack approaches have become more varied and differ from the traditional approach of using malicious programs. This paper conducts research on the protection of user information security in the mobile Internet environment. Specifically, the main contributions of this paper are as follows:

1. We proposed a prototype framework for detecting malicious JavaScript code using deep learning. Given the large number, variety, rapid generation and low density of malicious code in the mobile Internet environment, traditional manually designed detection rules and feature extraction methods can hardly satisfy the needs of the current mobile Internet environment. We therefore use deep learning methods to learn code features and then use the learned features for malicious code detection. After experimenting with more than 27,000 samples, the experimental results show that the detection accuracy is over 95% and the false positive rate is less than 4.2%, which means that the method can not only eliminate the traditional time-consuming and labor-intensive feature extraction process, but can also effectively detect and identify malicious JavaScript code.

2. We proposed an approach based on static and dynamic analysis to detect malicious browser extensions. As the interface between the Internet and users, the browser's importance is self-evident, and ensuring its security is essential to protecting users' privacy. The method analyzes the static files of the extension, including JavaScript code, HTML pages, and CSS files; it then dynamically runs the extension in a sandbox and observes its API calls, DOM operations, and network requests. We then use the information-entropy-based random forest algorithm to extract the features with high correlation. Finally, we adopt machine learning algorithms to identify the malicious extensions. The experimental results show that the accuracy, recall rate and F1 value are more than 96%. Compared with previous work and the traditional rule-based filtering detection method, ours is more accurate and has obvious advantages in terms of true positive rate and false positive rate.

3. We proposed a liveness detection method for protecting the privacy of users' voices. Voice control has become the most prevalent form of human-computer interaction after touch manipulation. People can use voice control to send emails, make calls, and transact with banks. To ensure that the user's smart device does not suffer from replay attacks or speech synthesis attacks, we propose a liveness detection method based on oral airflow. The method exploits the fact that the mouth generates airflow during speech: an external airflow sensor captures the change of the oral airflow signal in real time while the voice command is issued, and the method continuously compares the consistency between the voice signal and the airflow signal. In this way, continuous liveness detection of the user's voice is realized. After experimenting with 18 participants, the results show that the accuracy exceeds 97% and the detection rate of replay attacks reaches over 98%. In addition, the accuracy of the method remains in an acceptable range under different scenarios, such as the impact of user motion, the impact of external ambient wind, the impact of voice volume, and the impact of ambient noise.

4. We proposed a side-channel attack for inferring a user's keystrokes on a touchscreen. At present, smartphones have become an important part of people's daily lives, and people rely on them for communication, Internet access, payment and even bank transactions. In this paper, we find that when people enter a password on a touchscreen, the input is accompanied by eye movements. We use video of the eye movements taken by the front camera of the smartphone to analyze the user's password input. We first propose a sensitive image extraction algorithm for extracting eye images of the keystrokes from the video, then use image processing and machine learning algorithms to infer the keystrokes. The experimental results show that the accuracy of the method for single keystroke estimation is 77.43%, and the accuracy for the overall six-digit password estimation is 83.33%. With the development of anti-virus software, the traditional methods of privacy theft (such as Trojans) are not as effective as before. The method proposed in this paper illustrates that a sensor-based side-channel attack can obtain user privacy information more covertly and effectively, and it deserves our attention. To thwart such attacks, we propose some strategies to protect password privacy.
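The voice/airflow consistency check described in contribution 3 can be sketched as follows. This is an added example, not code from the thesis: it assumes consistency is measured as a windowed Pearson correlation between the voice energy envelope and the airflow reading, and the window size, thresholds and signals are constructed for illustration.

```python
import math
import random

def pearson(a, b):
    """Pearson correlation; 0.0 when either signal is flat (no evidence)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / math.sqrt(va * vb)

def window_scores(voice_env, airflow, win=50, hop=25):
    """Correlation of voice envelope vs. airflow for each sliding window."""
    if len(voice_env) != len(airflow):
        raise ValueError("signals must be sampled on the same time base")
    return [pearson(voice_env[s:s + win], airflow[s:s + win])
            for s in range(0, len(voice_env) - win + 1, hop)]

def is_live(voice_env, airflow, threshold=0.6, min_fraction=0.8):
    """Accept only if most windows show airflow tracking the voice.
    threshold and min_fraction are assumed values, not from the thesis."""
    scores = window_scores(voice_env, airflow)
    if not scores:
        return False  # too short to judge: fail closed
    passed = sum(1 for r in scores if r >= threshold)
    return passed / len(scores) >= min_fraction

def constructed_sample(seed=7, n=200):
    """Constructed signals: syllable-like bursts, matching airflow for a
    live speaker, and ambient sensor noise only for a replayed recording."""
    rng = random.Random(seed)
    voice = [max(0.0, math.sin(2 * math.pi * t / 25)) for t in range(n)]
    live = [0.8 * v + rng.uniform(-0.05, 0.05) for v in voice]
    replay = [0.02 + rng.uniform(-0.05, 0.05) for _ in range(n)]
    return voice, live, replay

if __name__ == "__main__":
    voice, live, replay = constructed_sample()
    print("live speaker :", is_live(voice, live))
    print("replayed clip:", is_live(voice, replay))
```

Scoring every window rather than the whole utterance is what makes the check continuous: a command that starts live and is then spliced with replayed audio loses correlation in the later windows.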