With the development of technology and the passage of time, the mobile Internet has grown rapidly and promisingly. As the mobile Internet becomes more and more indispensable to people, its security issues have drawn growing concern as well. However, current security research still focuses on individual specialized technologies and lacks a holistic perspective. At the same time, existing models for specific security aims are unsatisfactory. Therefore, this thesis is dedicated to studying attack modeling for the mobile Internet and its applications. As a result, a comprehensive analysis of the mobile Internet is realized, and effective guidance for offensive and defensive work is provided.

The main accomplishments of this thesis are as follows:

1. Analyzes the development situation and security needs of the mobile Internet and summarizes current research achievements in this area, focusing mainly on research into penetration testing models.

2. Studies key technologies of mobile Internet security, including: security access mechanisms of the mobile communication network; threats in nodes and Web applications in the traditional Internet; new threats in the mobile Internet; the principles and risks of pseudo base stations, denial-of-service attacks, injection attacks, and cross-site scripting attacks; and the concept and classification of penetration testing.

3. Analyzes threats in the mobile Internet with the STRIDE threat analysis method, classifying the results into three categories: information, network, and terminal with application. Proposes the mobile Internet threat distribution diagram, which analyzes the security of the mobile Internet holistically.

4. Proposes a modeling method for specific security purposes, and a method of choosing the optimal attack path that is based on the risk quantification and evaluation system. These methods can improve the efficiency of accomplishing a security purpose and provide scientific guidance for the process.

5. Studies the technology for injecting malicious code into mobile terminals. Finds the optimal attack path with the related models. Accomplishes the purpose through a remote code execution vulnerability, and proves the effectiveness of the methods.

6. Studies the technology for information interception, including malware interception, SQL injection, password cracking, and Wi-Fi man-in-the-middle attacks. Experiments were carried out to analyze the results, combine them with the model, and make security suggestions. The superiority of the modeling methods is confirmed in practical application.