Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/58375
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 王勝德 | |
dc.contributor.author | Chih-An Chang | en |
dc.contributor.author | 張至安 | zh_TW |
dc.date.accessioned | 2021-06-16T08:13:00Z | - |
dc.date.available | 2015-03-09 | |
dc.date.copyright | 2014-03-09 | |
dc.date.issued | 2014 | |
dc.date.submitted | 2014-02-14 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/58375 | - |
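dc.description.abstract | Android has become the mainstream operating system for smart devices. At present, Android's protection against suspicious software relies mainly on the user's own judgment, and the Android system itself gives users only brief information. In this thesis, we aim to improve on this by giving users more detailed information with which to judge whether an application is suspicious software. Once a user uploads an apk file, the system begins extracting the information inside it, including API calls, permissions, and custom features. We mainly use static analysis, store the analysis results back in the database, and finally convert the results into easy-to-understand descriptions and upload them to a web page. For users who are unfamiliar with smart devices, we assess the application's risk level for them, present it as a score, and set a threshold to determine whether it is suspicious software. The threshold is determined by analyzing part of the samples to find common characteristics of suspicious software, assigning each feature a weighted score, and repeatedly testing and adjusting to obtain the best accuracy. Our samples comprise 936 applications, including 200 suspicious applications and 736 harmless applications, and the final measured result is an accuracy of 85.15%. | zh_TW |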
dc.description.abstract | Android has been one of the most popular operating systems for mobile devices. The Android permission system can inform users of the privacy information used by the applications to be installed, but it provides only very basic information. In this paper, the goal is to make sure users can understand the risks of installing an application. When users upload an .apk file, the proposed system extracts information about the application, including the API calls used, permissions, and selected features. To analyze individual privacy breaches or the possibility of attack, with selected features and heuristic rules, we used static analysis and focused on analyzing the disassembled code. The analytic results are kept in the database, and then the results are translated into understandable sentences and displayed on a webpage for users to access. For non-technical users, we make an assessment for them. We calculate the risk score for each individual application and set a threshold to determine whether it is malware or not. The risk score is heuristic-based. We applied the analytic tools to part of the benign and malware datasets, examined the results to find the patterns that identify malicious applications, and then gave them a weighted function, which is adjusted by knowledge and the test results, to achieve the highest accuracy. Our dataset contains 936 applications, including 200 malware and 736 benign applications. The result is 85.15% accuracy with an 81.5% true positive rate and a 13.86% false positive rate. | en |
dc.description.provenance | Made available in DSpace on 2021-06-16T08:13:00Z (GMT). No. of bitstreams: 1 ntu-103-R00921078-1.pdf: 2653628 bytes, checksum: 543aad086720caf771c765952cef66c8 (MD5) Previous issue date: 2014 | en |
dc.description.tableofcontents | Oral Examination Committee Certification; Abstract (Chinese); Abstract; Chapter 1 Introduction; 1.1 Existing Android Permission System; 1.2 Contribution; 1.3 Thesis Organization; Chapter 2 Related Work; 2.1 Other Malware Detecting Techniques; 2.1.1 Static Analysis; 2.1.2 Dynamic Analysis; 2.2 Introduction to Analysis Tools; 2.2.1 Androguard; 2.2.2 Apktool; 2.2.3 Stowaway; 2.2.4 PSCOUT; Chapter 3 Proposed Technique; 3.1 Operating Process; 3.2 Feature Extraction; 3.2.1 How to Extract Features; 3.2.1.1 Parsing AndroidManifest.xml; 3.2.1.2 Parsing Disassembled DVM Codes; 3.3 Extract Privacy Breach API Calls; 3.4 Extract Dangerous API Calls; 3.5 Translation and Estimating Risk Scores; 3.5.1 Translation the Features; 3.5.2 Estimating Risk Scores; Chapter 4 Experiment Setup & Results; 4.1 Evaluation metrics; 4.2 Datasets; 4.2.1 Contaigo: Malware dataset; 4.2.2 Benign App Dataset; 4.3 Environment; 4.4 Experiment Results; 4.4.1 Malware App Detection Rate; 4.4.2 Advisory System; 4.4.3 System Overhead; Chapter 5 Conclusion; Reference | |
dc.language.iso | en | |
dc.title | Static API Analysis of Android Applications and an Installation Advisory System | zh_TW |
dc.title | A Static API Analysis and Installation Advisory System for Android Applications | en |
dc.type | Thesis | |
dc.date.schoolyear | 102-1 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 雷欽隆,顏嗣鈞,洪士灝 | |
dc.subject.keyword | Android, static analysis, application programming interface, security, privacy | zh_TW |
dc.subject.keyword | Android, Static analysis, API, Security, Privacy | en |
dc.relation.page | 41 | |
dc.rights.note | Paid license | |
dc.date.accepted | 2014-02-14 | |
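dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
Appears in collections: | Department of Electrical Engineering |
Files in this item:
File | Size | Format | |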
---|---|---|---|
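ntu-103-1.pdf (not currently authorized for public access) | 2.59 MB | Adobe PDF |
All items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.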