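Graduate student: 沈穎志
Graduate student (English name): Ying-Chih Shen
Thesis title: Improving the Effectiveness of Automated Dynamic Analysis Mechanisms for Android Malware
Thesis title (English): Improving the Effectiveness of Automatic Dynamic Android Malware Analysis
Advisor: 洪士灝
Oral defense committee: 鍾葉青, 徐慰中, 廖世偉
Oral defense date: 2013-07-06
Degree: Master's
Institution: National Taiwan University
Department: Graduate Institute of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Publication year: 2013
Graduation academic year: 101
Language: English
Number of pages: 34
Keywords (translated from Chinese): dynamic analysis, Android security, malware detection
Keywords (English): Dynamic Analysis, Android Security, Malware Detection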
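Android malware detection has recently become a popular topic, and for dynamic malware analysis, automatically executing every possible program path to trigger malicious behavior is a major challenge. Many malware samples conceal themselves, starting their malicious behavior without any user click or only once a specific condition is met, for example by listening for system broadcast events. In this thesis, we propose an automated dynamic malware analysis framework that detects leakage of sensitive data. It uses a smart event trigger mechanism that combines a UI event trigger, which explores and launches GUI activity components, with a system event trigger, which simulates system broadcast events, to automatically expose possible malicious behavior.
The framework is built on TaintDroid. By monitoring applications' use of APIs related to sensitive information, and whether they send SMS messages or place phone calls, it detects malicious behavior involving sensitive data leakage or illicit financial gain. We use anti-emulator-detection techniques to prevent malware from hiding its malicious behavior by detecting whether it is running in a virtualized environment. In addition, we modified the system alarm management service to prevent malware from abusing it to carry out time-delay attacks. In our case study of 1034 sampled malware programs, the framework detected malicious behavior in 706 of them, a significant improvement over existing methods.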


Android malware detection has become a very important topic in recent years. A challenge in dynamically detecting malware is executing all possible paths in an application to expose its malicious behavior. Stealthy attacks may wait for a user to perform a predefined action before activating themselves, or may, for example, listen for system broadcast events to initiate their malicious activity.
In this thesis, we present an automatic dynamic malware analysis framework that detects information leakage. It uses a smart event trigger that combines a UI-event trigger for GUI exploration with a system event trigger that simulates system broadcast events, so that possible malicious behaviors are exposed automatically.
This TaintDroid-based framework monitors privacy-related API invocations, outgoing SMS messages and phone calls to trace the leakage of sensitive information and financial charges. We also employ Anti-Anti-Emulation to prevent malware from detecting whether it is being executed on an Android emulator and hiding its malicious behaviors from TaintDroid. In addition, we modified AlarmManager methods to prevent malware from using alarm services to perform delayed execution attacks. In our case study with 1034 malware samples, we show that our framework can reveal the malicious behaviors in 706 of them, which is a significant improvement over existing methods.

Acknowledgments
Chinese Abstract
Abstract
1 Introduction
1.1 Thesis Organization
2 Related Work
3 Background
3.1 Android Application Components
3.2 System Broadcast Events
3.3 TaintDroid
3.4 APE
4 Framework and Implementation
4.1 Smart Event Trigger
4.2 SMS & Call Monitor
4.3 Privacy-Related API Monitor
4.4 Anti-Anti-Emulation
4.5 AlarmManager Services
4.6 Make Security-Relevant Decisions
5 Experimental Results
5.1 Small-Scale Experiments
5.2 Large-Scale Experiments
5.3 Performance Evaluation
6 Limitation
7 Future Work and Conclusion
Bibliography



