Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/21001
Full metadata record
DC field | Value | Language |
---|---|---|
dc.contributor.advisor | 孫雅麗(Ya-li Sun) | |
dc.contributor.author | Shau-Hsuan Lin | en |
dc.contributor.author | 林劭軒 | zh_TW |
dc.date.accessioned | 2021-06-08T03:14:54Z | - |
dc.date.copyright | 2017-02-16 | |
dc.date.issued | 2017 | |
dc.date.submitted | 2017-02-09 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/21001 | - |
dc.description.abstract | Given the prevalence of smart devices, a wide variety of apps run on them, yet an ordinary user has no way of telling whether an app is performing malicious behavior without their knowledge. In this thesis we therefore run apps in a virtual environment and record their behavior for analysis.
We download the Android 4.4 source code and modify its default dynamic analysis tool so that, besides recording API calls, it also captures each API's parameters and return value. During the dynamic analysis experiments we parse the app's AndroidManifest.xml to learn how the app can be triggered, and send fake broadcasts to trigger its behavior. The execution trace obtained from a dynamic experiment contains a huge number of API calls, so we define a Sensitive API set, consisting of APIs that require a permission and APIs related to an app's Sensitive Actions; we filter the execution trace with this set and call the remaining API sequence a profile. From these profiles we want to extract shared sequences as malware features by sequence analysis. Before the sequence analysis, we first feed all profiles into a dendrogram to build a similarity tree among them, grouping statistically close profiles together. Each group is then fed into sequence analysis separately to produce common and differing sequences. Taking the Gone60 and ADRD malware families as examples, the thesis shows that our analysis method can find the basic features of a single malware family (that is, behavior every sample exhibits) as well as features that belong only to some of its samples. By capturing the features of malware families we gain a better understanding of how these malware samples behave at run time. In future work we hope to analyze more malware families to obtain more kinds of features; the more features we extract, the better we understand how malware families execute, which will be of greater help for subsequent detection. | zh_TW |
dc.description.abstract | There are many apps for mobile devices nowadays, but it is hard for a user to know whether an app performs malicious behavior. This thesis runs apps, records their behavior, and then extracts their features.
We download the Android 4.4 OS source code and modify the default profiling tool so that it captures each API's run-time parameters and return value. When profiling a malware sample's behavior, we parse the app's AndroidManifest.xml to learn how it can be triggered, and trigger it by sending fake broadcasts. Because the enormous number of APIs in an execution trace makes analysis cumbersome, we define a Sensitive API set that includes APIs requiring permissions or related to sensitive actions. After filtering the execution traces with this set, the remaining API sequence is regarded as the profile. From these profiles we extract features through sequence alignment. First, all profiles are fed into a dendrogram to separate them into groups. Each group is then passed to the sequence alignment algorithm, which extracts the sequences that are common to, and those that differ among, the samples of one malware family. We use Gone60 and ADRD to show how our method finds common and differing features within one malware family. By obtaining features from malware samples we can understand how they work. We will analyze more malware families in the future to obtain more kinds of features. With those features, we can classify a malware sample or detect whether an app has malicious behavior. | en |
dc.description.provenance | Made available in DSpace on 2021-06-08T03:14:54Z (GMT). No. of bitstreams: 1 ntu-106-R03725039-1.pdf: 6135563 bytes, checksum: 02908b8ac66c07a0fdeb2d35655a92f5 (MD5) Previous issue date: 2017 | en |
dc.description.tableofcontents | Acknowledgements 1
Chinese Abstract 2
Abstract 3
Table of Contents 4
List of Figures 6
List of Tables 9
1. Introduction 10
2. Related work 11
3. Background 15
3.1 Android System Architecture 15
3.1.1 Android Application 16
3.1.2 Android Framework 29
3.1.3 Android Runtime 30
3.1.4 Android Native Layer 33
3.1.5 Android Linux Kernel 33
3.2 IPC mechanism 34
3.2.1 Binder 34
3.2.2 AIDL 36
3.2.3 Intent 36
3.3 Android Security Model 37
3.3.1 Authentication 37
3.3.2 Authorization 45
4. Profiling System Design 50
4.1 Experiment – Dynamic Analysis 50
4.1.1 Record APIs, their parameters and return values 51
4.1.2 Assure full coverage of malware behavior 58
4.2 Preprocessing 65
4.2.1 Permission API (Ap) 66
4.2.2 APIs that are related to sensitive actions (AS) 69
5. Malware Behavior Analysis on Feature Profiles 72
5.1 Profile generation 72
5.2 Dendrogram 74
5.3 Alignment 75
6. Case Study 77
6.1 Gone60 77
6.2 ADRD 82
7. Limitation and Future work 87
8. Conclusion 88
9. Reference 89 | |
dc.language.iso | zh-TW | |
dc.title | Dynamic API Profiling and Execution Sequence Analysis on Android Devices | zh_TW |
dc.title | Dynamic API-based Profiling and Execution Sequence Analysis for Android Devices | en |
dc.type | Thesis | |
dc.date.schoolyear | 105-1 | |
dc.description.degree | Master | |
dc.contributor.oralexamcommittee | 李漢銘(Hon-Ming Li),李育杰(Yuh-Jye Lee),陳孟彰(Meng-Chang Chen),謝錫?(Hsi-Kun Hsieh) | |
dc.subject.keyword | Android architecture, Android security, Android dynamic analysis, dendrogram, sequence analysis | zh_TW |
dc.subject.keyword | Android Architecture, Android Security, Android Dynamic Analysis, Dendrogram, Sequence Alignment | en |
dc.relation.page | 91 | |
dc.identifier.doi | 10.6342/NTU201700435 | |
dc.rights.note | Not authorized | |
dc.date.accepted | 2017-02-09 | |
dc.contributor.author-college | College of Management | zh_TW |
dc.contributor.author-dept | Graduate Institute of Information Management | zh_TW |
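The pipeline the abstract describes (reading trigger conditions out of AndroidManifest.xml and sending fake broadcasts, filtering an execution trace down to a Sensitive API profile, and aligning two profiles of one family to separate common from differing API subsequences), as an added worked example in Python. This is not the thesis's code: the manifest, the two traces, the Sensitive API set (a constructed subset standing in for the thesis's permission-API and sensitive-action lists in section 4.2) and the match/mismatch/gap scores are all assumptions, and the dendrogram grouping the thesis performs before alignment is omitted.

```python
# Added example, not the thesis's code: the abstract's pipeline on constructed
# inputs. (1) read triggers from AndroidManifest.xml and build fake broadcasts,
# (2) filter an execution trace down to a Sensitive API profile, (3) globally
# align two profiles (Needleman-Wunsch over API names) to split common from
# differing subsequences. Manifest, traces, API set and scores are assumptions.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""
# One record per line, as the modified profiler would log it: api|args|return.
SAMPLE_TRACE_A = """\
android.app.Activity.onCreate|(Bundle)|void
android.telephony.TelephonyManager.getDeviceId|()|"355400000000000"
android.telephony.TelephonyManager.getSubscriberId|()|"466920000000000"
android.widget.TextView.setText|("welcome")|void
java.net.HttpURLConnection.connect|()|void
android.telephony.SmsManager.sendTextMessage|("10660001", null, "reg", null, null)|void
"""
SAMPLE_TRACE_B = """\
android.app.Activity.onCreate|(Bundle)|void
android.telephony.TelephonyManager.getDeviceId|()|"355400000000001"
java.net.HttpURLConnection.connect|()|void
android.content.Context.startService|(Intent)|ComponentName
"""
# Constructed subset of the thesis's two classes: permission-guarded APIs (A_p)
# and APIs tied to sensitive actions (A_S).
SENSITIVE_APIS = {
    "android.telephony.TelephonyManager.getDeviceId",
    "android.telephony.TelephonyManager.getSubscriberId",
    "android.telephony.SmsManager.sendTextMessage",
    "java.net.HttpURLConnection.connect",
    "android.content.Context.startService",
}

def receiver_triggers(manifest_xml):
    """(fully qualified receiver class, action) pairs declared in <receiver>s."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    pairs = []
    for receiver in root.iter("receiver"):
        name = receiver.get(ANDROID_NS + "name")
        if name.startswith("."):  # relative class name: qualify with the package
            name = package + name
        for action in receiver.iter("action"):
            pairs.append((name, action.get(ANDROID_NS + "name")))
    return pairs

def broadcast_commands(manifest_xml):
    """adb commands that deliver each declared action explicitly to its receiver."""
    package = ET.fromstring(manifest_xml).get("package")
    return ["adb shell am broadcast -a %s -n %s/%s" % (action, package, cls)
            for cls, action in receiver_triggers(manifest_xml)]

def parse_trace(text):
    """Split 'api|args|ret' records into (api, args, ret) tuples."""
    return [tuple(line.split("|", 2)) for line in text.splitlines() if line.strip()]

def profile(trace):
    """The thesis's profile: the trace's API names restricted to Sensitive APIs, in order."""
    return [api for api, _args, _ret in trace if api in SENSITIVE_APIS]

def align(a, b, match=1, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment; returns (x, y) pairs, None marking a gap."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * gap
    for j in range(1, m + 1):
        score[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = score[i - 1][j - 1] + (match if a[i - 1] == b[j - 1] else mismatch)
            score[i][j] = max(diag, score[i - 1][j] + gap, score[i][j - 1] + gap)
    pairs, i, j = [], n, m
    while i > 0 or j > 0:  # trace back; a diagonal move wins ties
        sub = match if i and j and a[i - 1] == b[j - 1] else mismatch
        if i and j and score[i][j] == score[i - 1][j - 1] + sub:
            pairs.append((a[i - 1], b[j - 1]))
            i, j = i - 1, j - 1
        elif i and score[i][j] == score[i - 1][j] + gap:
            pairs.append((a[i - 1], None))
            i -= 1
        else:
            pairs.append((None, b[j - 1]))
            j -= 1
    pairs.reverse()
    return pairs

def common_and_different(a, b):
    """APIs both profiles share, then what only A and only B have at differing positions."""
    pairs = align(a, b)
    common = [x for x, y in pairs if x is not None and x == y]
    only_a = [x for x, y in pairs if x is not None and x != y]
    only_b = [y for x, y in pairs if y is not None and x != y]
    return common, only_a, only_b
```

On the two constructed traces, `profile(parse_trace(...))` drops `onCreate` and `setText` and `common_and_different` reports `getDeviceId` and `connect` as the shared sequence, `getSubscriberId` and `sendTextMessage` as specific to the first sample and `startService` to the second. Two caveats a practitioner would add: `receiver_triggers` only sees receivers declared statically in the manifest, so components registered at run time with `registerReceiver` need another trigger source; and BOOT_COMPLETED and SMS_RECEIVED are protected system broadcasts, so the fake broadcasts have to be sent from the adb shell, as the commands above do, rather than from an app on the device.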
Appears in collections: | Department of Information Management |
Files in this item:
File | Size | Format | |
---|---|---|---|
ntu-106-1.pdf (currently not authorized for public access) | 5.99 MB | Adobe PDF |
Items in this repository are protected by copyright, with all rights reserved, unless otherwise indicated.