Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55882

Full metadata record

DC field: value [language]
dc.contributor.advisor: 洪士灝 (Shih-Hao Hung)
dc.contributor.author: Yen-Chien Pan [en]
dc.contributor.author: 潘彥謙 [zh_TW]
dc.date.accessioned: 2021-06-16T05:10:05Z
dc.date.available: 2016-08-25
dc.date.copyright: 2014-08-25
dc.date.issued: 2014
dc.date.submitted: 2014-08-18
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55882
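dc.description.abstract [zh_TW]:
In recent years, as Android smart devices and applications have increased rapidly, malware has also been growing at an alarming rate. Although many anti-virus products exist on the Android system, malware tries various tricks to hide itself and evade detection.
Self-modification on the Android system is a new technique used to hide a program's own code. In this thesis, we propose a detection method to help detect this type of malware and, based on the detection results, develop a protection mechanism to avoid the risk of executing modified code.
We automatically tested 73,754 applications downloaded from Google Play and 44,315 known malware samples, and found that about 0.07% of the applications exhibit self-modifying behavior; the most suspicious group among them was determined to contain advertisements. Although we have not so far detected any malware that uses self-modification to hide itself, we hope this research can help detect new types of self-modifying malware in the future.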
dc.description.abstract [en]:
The numbers of Android mobile devices and applications have both increased dramatically in recent years, but unfortunately, so has malware. While there are many anti-virus applications on Android systems, malware usually uses various tricks to prevent itself from being detected.
Self-modification is a novel technique on the Android system which allows applications to hide their actual code. In this paper, we propose a detection method to help detect this type of malware, and based on the detection result, we further developed a mechanism to protect users from the risk of executing modified code.
We evaluate 73,754 applications downloaded from Google Play and 44,315 known malware samples with our detection mechanism. As a result, about 0.07% of the applications have self-modification behavior, and the most suspicious ones are measured as adware. Although we haven't encountered any self-modifying malware yet, hopefully this work serves to help detect new types of self-modifying malware in the future.
dc.description.provenance [en]:
Made available in DSpace on 2021-06-16T05:10:05Z (GMT). No. of bitstreams: 1
ntu-103-R01922135-1.pdf: 2352557 bytes, checksum: 707a84b6ba25a05cc14dbad98e767f06 (MD5)
Previous issue date: 2014
dc.description.tableofcontents:
Acknowledgments
Chinese Abstract
Abstract
1 Introduction
1.1 Thesis Organization
2 Background and Related Work
2.1 Dalvik Virtual Machine
2.2 Malware Analysis
2.3 APE
2.4 Java Native Interface
2.5 Dynamic Code Loading
2.5.1 Problems with loading external code
2.5.2 Techniques of dynamic code loading
2.6 Related Work
3 Mechanism
3.1 Detect Self-modifying Code
3.1.1 How Self-modification Works
3.1.2 How to Detect Self-modification
3.1.3 When to Detect Self-modification
3.1.4 Tracing the Caller
3.1.5 Revealing Modified Codes
3.2 Protect from Self-modifying Code
3.2.1 Execution of Modified Code before Return of Native Code
3.2.2 How to Prompt a Dialog
4 Evaluation
4.1 Experimental Setup
4.2 Verifying Functional Correctness
4.3 Performance Overhead
4.4 Massive Testing
4.4.1 Malware Testing
4.4.2 Trigger Points Analysis
4.4.3 Libraries Analysis
4.5 Case Study
5 Limitation and Future Work
6 Conclusion
Bibliography
dc.language.iso: en
dc.subject: Security [zh_TW]
dc.subject: Smartphone [zh_TW]
dc.subject: Automatic Testing [zh_TW]
dc.subject: Self-modifying Code [zh_TW]
dc.subject: Malware [zh_TW]
dc.subject: Android [zh_TW]
dc.subject: Malware [en]
dc.subject: Security [en]
dc.subject: Android [en]
dc.subject: Smartphone [en]
dc.subject: Automatic Testing [en]
dc.subject: Self-modifying Code [en]
dc.title: Android系統上程序自修改的偵測與保護 [zh_TW]
dc.title: Self-modifying Code Detection and Protection on Android System [en]
dc.type: Thesis
dc.date.schoolyear: 102-2
dc.description.degree: Master
dc.contributor.oralexamcommittee: 徐慰中 (Wei-Chung Hsu), 廖世偉 (Shih-Wei Liao)
dc.subject.keyword: Android, Security, Malware, Self-modifying Code, Automatic Testing, Smartphone [zh_TW]
dc.subject.keyword: Android, Security, Malware, Self-modifying Code, Automatic Testing, Smartphone [en]
dc.relation.page: 25
dc.rights.note: Paid authorization
dc.date.accepted: 2014-08-19
dc.contributor.author-college: College of Electrical Engineering and Computer Science [zh_TW]
dc.contributor.author-dept: Graduate Institute of Computer Science and Information Engineering [zh_TW]
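Appears in collections: Department of Computer Science and Information Engineering

Files in this item:
File: ntu-103-1.pdf (not authorized for public access); Size: 2.3 MB; Format: Adobe PDF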