跳到主要內容

臺灣博碩士論文加值系統

(44.210.99.209) 您好!臺灣時間:2024/04/20 06:31
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:游棋鈺
研究生(外文):Chi-Yu You
論文名稱(外文):A Light-weight Method to Send and Receive SMS messages in an Emulator
指導教授:許富皓許富皓引用關係
指導教授(外文):Fu-Hau Hsu
學位類別:碩士
校院名稱:國立中央大學
系所名稱:資訊工程學系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2016
畢業學年度:104
語文別:英文
論文頁數:47
中文關鍵詞:安卓模擬器沙盒簡訊
相關次數:
  • 被引用被引用:0
  • 點閱點閱:228
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
隨著電信設備系統的成熟發展,簡訊系統所造成的系統安全問題逐漸增多,諸如透過簡訊散播惡意程式、進行詐騙、散佈廣告,或甚至藉此作為殭屍網路溝通的媒介等等。在卡巴斯基 2016 年第一季的報告,指出了新型手機惡意程式的散播中,簡訊型木馬占了 20.5 %,位居第二。有鑑於此,本篇論文提出了 SMS Helper 這個架構來解決這些簡訊系統相關的問題。本論文提供了兩個模式:雲端服務模式(cloud service mode)以及實機輔助模式(real device mode)。由於現今 Android 動態分析框架中,並無法真正地進行收發簡訊,而 SMS Helper 能夠幫助這些框架來達到這個功能。本系統確保簡訊紀錄的完整性,並增強了這些框架,使他們能夠更進一步檢測出惡意程式的簡訊行為,同時,虛擬環境下的運行能夠降低研究成本。除此之外,本篇論文指出了一個透過簡訊的方式,來指出 Android 應用程式所運行的環境是否為虛擬環境,並又藉由 SMS Helper 來規避這樣的檢測方式。接著,個人資料的洩漏導致廣告與詐騙,不斷的騷擾使用者,將 SMS Helper 套用於實體設備上,可以用來保護用戶手機號碼的隱私性。
As the mature technology development in telecommunication systems, the security issues caused by SMS are growing including propagation of malware, fraud, adverting and even botnets. In Q1 2016 reports issued by Kaspersky, SMS Trojan is occupied by 20.5% as second place of the distribution of new mobile malware. Thus, this paper proposes an architecture called SMS Helper aiming to provide a solution to addresses SMS-related issues. This paper provides two modes: cloud service mode and real device mode. Since current Android dynamic analysis frameworks cannot send and receive SMS messages authentically, SMS Helper can help these frameworks to send and receive messages. This system keep the integrity of SMS logs and strengthen the frameworks to observe malware’s further behaviors. Meanwhile, the virtual environment can low the cost of researches. In addition, this paper finds a new way to figure out the operating environment through SMS and by means of SMS Helper to evade this kind of detecting method. Also, the information leaks result in advisements and frauds harassing users frequently. SMS Helper can be adopted in a real device as well to protect the privacy of users’ real numbers.
中文摘要 i
ABSTRACT ii
ACKNOWLEDGMENTS iii
TABLE OF CONTENTS iv
LIST OF TABLES vi
LIST OF FIGURES vii
CHAPTER I: INTRODUCTION 1
1.1 MOTIVATION 1
1.2 CONTRIBUTION 2
1.3 THESIS ORGANIZATION 2
CHAPTER II: BACKGROUND AND RELATED WORK 4
2.1 ANDROID EMULATORS 4
2.2 ANDROID DYNAMIC ANALYSIS 5
2.3 MOBILE BOTNETS 6
2.4 SMS BONETS 8
CHAPTER III: SYSTEM DESIGN 11
3.1 DESIGN CONSIDERATIONS 11
3.2 OVERVIEW 12
3.3 CLOUD SERVICE MODE 13
3.4 REAL DEVICE MODE 15
3.5 IMPLEMENTATION 17
CHAPTER IV: EVALUATION 19
4.1 EXPERIMENTAL SETUP 19
4.2 EFFECTIVENESS 19
4.3 PERFORMANCE EVALUATION 21
4.4 DEPLOYMENTS 27
CHAPTER V: DISCUSSION 29
5.1 SMS SECURITY ISSUES IN ANDROID 29
5.2 HIDE THE REAL PHONE NUMBER 29
CHAPTER VI: CONCLUTION 31
6.1 Conclusion 31
6.2 Future Work 31
REFERENCES 32
[1] A. Gostev, R. Unuchek, M. Garnaeva, D. Makrushin, and A. Ivanov, “IT THREAT EVOLUTION IN Q1 2016.”
[2] R. Nigam, “A Timeline of Mobile Botnets,” in Botconf, 2014.
[3] K. Darbar and T. Chaudhari, “A Review on : SMS Botnet Detection,” Int. J. Emerg. Technol. Adv. Eng., vol. 5, no. 2, 2015.
[4] A. J. Alzahrani and A. A. Ghorbani, “SMS mobile botnet detection using a multi-agent system,” Proc. 1st Int. Work. Agents CyberSecurity - ACySE ’14, pp. 1–8, 2014.
[5] 趙閩 and 倪超, “逃离安卓动态检测,” in HITCON, 2013.
[6] T. Vidas and N. Christin, “Evading android runtime analysis via sandbox detection,” ASIA CCS ’14 (9th ACM Symp. Information, Comput. Commun. Secur., pp. 447–458, 2014.
[7] P. Lantz, “Droidbox.” [Online]. Available: https://github.com/pjlantz/droidbox.
[8] L. Weichselbaum, M. Neugschwandtner, M. Lindorfer, Y. Fratantonio, V. Van Der Veen, and C. Platzer, “ANDRUBIS : Android Malware Under The Magnifying Glass,” Vienna Univ. Technol. Tech. Rep. TRISECLAB-0414-001, no. February, 2012.
[9] M. Eslahi, M. R. Rostami, H. Hashim, N. M. Tahir, and M. V. Naseri, “A data collection approach for Mobile Botnet analysis and detection,” IEEE Symp. Wirel. Technol. Appl. ISWTA, no. September, pp. 199–204, 2014.
[10] A. Flo and A. Josang, “Consequences of botnets spreading to mobile devices,” Short-Paper Proc. 14th Nord. Conf. Secur. IT Syst. (NordSec 2009), no. October, pp. 37–43, 2009.
[11] I. Vural and H. Venter, “Mobile Botnet Detection Using Network Forensics,” in Third Future Internet Symposium, 2010, vol. 6369, pp. 55–67.
[12] A. Feizollah, N. B. Anuar, R. Salleh, F. Amalina, R. R. Ma’arof, and S. Shamshirband, “A study of machine learning classifiers for anomaly-based mobile botnet detection,” Malaysian J. Comput. Sci., vol. 26, no. 4, pp. 251–265, 2013.
[13] B. Choi, S. K. Choi, and K. Cho, “Detection of mobile botnet using VPN,” Proc. - 7th Int. Conf. Innov. Mob. Internet Serv. Ubiquitous Comput. IMIS 2013, pp. 142–148, 2013.
[14] C. Mulliner and J. P. Seifert, “Rise of the iBots: Owning a telco network,” Proc. 5th IEEE Int. Conf. Malicious Unwanted Software, Malware 2010, pp. 71–80, 2010.
[15] McAfee, “Android/SmsHowU.A.” [Online]. Available: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=367587. [Accessed: 10-Apr-2016].
[16] C. Mulliner and C. Miller, “Fuzzing the Phone in your Phone,” Black Hat USA 2009, pp. 1–21, 2009.
[17] Y. Zeng, K. Shin, and X. Hu, “Design of SMS commanded-and-controlled and P2P-structured mobile botnets,” … Secur. Priv. Wirel. Mob. …, no. February, pp. 137–148, 2012.
[18] J. Hua and K. Sakurai, “A SMS-based mobile botnet using flooding algorithm,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 6633 LNCS, pp. 264–279, 2011.
[19] S. Zhao, P. P. C. Lee, J. C. S. Lui, X. Guan, X. Ma, and J. Tao, “Cloud-based Push-Styled Mobile Botnets : A Case Study of Exploiting the Cloud to Device Messaging Service,” ACSAC ’12 Proc. 28th Annu. Comput. Secur. Appl. Conf., pp. 119–128, 2012.
[20] J. Grunzweig, “NickiSpy.C - Android Malware Analysis & Demo,” 2011. [Online]. Available: https://www.trustwave.com/Resources/SpiderLabs-Blog/NickiSpy-C---Android-Malware-Analysis--Demo/. [Accessed: 10-Apr-2016].
[21] A. Nguyan and L. Pan, “Detecting SMS-based Control Commands in a Botnet from Infected Android Devices,” 2012.
[22] W. Wang, I. Murynets, J. Bickford, C. Van Wart, and G. Xu, “What you see predicts what you get—lightweight agent-based malware detection,” Secur. Commun. Networks, vol. 6, no. 1, pp. 33–48, 2013.
[23] “SMS Text Messaging API for Web Applications - Twilio.” [Online]. Available: https://www.twilio.com/sms. [Accessed: 09-Nov-2015].
[24] “REST API: Sending SMS or MMS.” [Online]. Available: https://www.twilio.com/docs/api/rest/sending-messages. [Accessed: 09-Nov-2015].
[25] “REST API: Messages.” [Online]. Available: https://www.twilio.com/docs/api/rest/message. [Accessed: 09-Nov-2015].
[26] “Ranking - AnTuTu Benchmark -- Know Your Android Better.” [Online]. Available: http://www.antutu.com/en/Ranking.shtml. [Accessed: 08-Nov-2015].
[27] “A Free SMS.” [Online]. Available: http://www.afreesms.com/.
[28] “Globfone.” [Online]. Available: https://globfone.com/sms/.
[29] “Receive SMS Online.” [Online]. Available: http://www.receive-sms-online.info/.
[30] M. Zuhair, M. Saudi, and N. Basir, “A Comprehensive Review of Mobile Botnet Detection Using Genetic Algorithm : a Systematic Review,” vol. 10, no. 3, pp. 1399–1404, 2015.
[31] TextR.Us, “Anonytext.” [Online]. Available: https://play.google.com/store/apps/details?id=us.textr.Anonytext.
連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top