Title page for etd-0707113-101154
Title
Behavior Analysis of Mobile Malware Based on Information Leakage
Department
Year, semester
Language
Degree
Number of pages
46
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2013-07-24
Date of Submission
2013-08-14
Keywords
Android, Behavior Analysis, Mobile Device, Sensitive Information, Malware
Statistics
The thesis/dissertation has been browsed 5806 times and downloaded 0 times.
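Abstract (Chinese)
Mobile devices have been around for some time, but their security problems went largely unnoticed until recently. With rapid technological progress, mobile devices now have computing power comparable to that of personal computers, and more and more people use them for all kinds of activities. The large amount of user data stored on them has attracted the attention of hackers, who develop malware for these devices. This malware targets the user data on mobile devices, causing it to leak and be exploited for profit, and inflicting great losses on users.
  This study proposes a method for detecting malicious programs that uses sensitive data leakage as its feature. Applications are isolated and executed on an emulated device in a closed environment. Through behavior analysis, the behavior of each application during execution is monitored and recorded, and the relevant behavior is analyzed in depth. From the perspective of files and network connections, we analyze and track whether sensitive data is sent off the mobile device, and we also check whether the application's SMS-sending behavior is abnormal, in order to detect malware. Experiments with real malware samples show good results in both accuracy and false positive rate when distinguishing malware. Compared with existing approaches, such as permission-based analysis or system call frequency, the method achieves a better malware detection rate and a lower false positive rate.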
Abstract
With advances in science and technology, mobile devices have become more powerful, with capabilities no less than those of personal computers. More people are using mobile devices for work, surfing the Internet, and other forms of entertainment. The user information stored on mobile devices draws the attention of crackers, whose malware targets it. As a result of such malware, many users suffer losses.
  By using behavior analysis to track a mobile application on an emulator, we can understand how the application handles sensitive information during execution. We observe behavior in three areas: file, network, and SMS. We check whether file and network behavior delivers sensitive data, and we also check for unusual SMS activity. Experimental results show that the approach has a higher true positive detection rate and a lower false positive rate than permission-based methods.
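Table of Contents
Thesis Approval Form
Acknowledgements
Abstract (Chinese)
Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Literature Review
 Section 1 Static Analysis
 Section 2 Dynamic Analysis
 Section 3 Permission-Based Analysis
 Section 4 Sensitive Data Leakage
 Section 5 Android Devices
  Android
  Google Play™
  Third-Party Markets
  Android SDK
  Android Emulator
  Android Monkey
  Android Logcat
Chapter 3 System Design
 Section 1 System Architecture
 Section 2 Execution Section
 Section 3 Analysis Section
Chapter 4 System Evaluation
 Section 1 System Setup
 Section 2 Samples
 Section 3 Evaluation
Chapter 5 Conclusion
References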
Fulltext
Thesis access permission: user defined
Available:
Campus: not available
Off-campus: not available

Printed copies
Available: not available