Title: MalCatcher: Android Malware Behavior Detection Based on Access to and Network Leakage of Private Data
MalCatcher: Private and Network Data Leakage Behavior-Based Malware Detection on Android
Author: 謝維揚
Hsieh, Wei-Yung
曾文貴
Tzeng, Wen-Guey
Institute of Network Engineering
Keywords: smartphone; dynamic analysis; malware; Android; Dynamic analysis; Malware
Date of publication: 2012
Abstract: Because smartphones are versatile and convenient, more and more people own one, and they gradually store their own private data on their phones, so protecting the security of the smartphone system has become very important. Since the Android system is open source, anyone can study its detailed architecture and operating flow, which lowers the barrier to developing malware on it. In recent years the number of malware samples on Android has grown very rapidly, and the signature-based static analysis used by today's antivirus software can no longer keep up with the pace at which malware evolves. We therefore want to detect malware through dynamic analysis, reducing the probability of misclassification as far as possible and improving detection effectiveness. We propose a new and effective method for dynamically analyzing the behavior of Android malware, aiming to detect malicious behavior effectively, and we have implemented a system named MalCatcher that applies this method. The implementation mainly modifies and recompiles the Android system source code and then runs it on the emulator to build an isolated and controlled environment into which apps are loaded and executed; we also cross-compiled the network packet monitoring software snort into a version that runs on Android and ran it on the emulator to monitor whether network packets leak the user's private data. We also obtained a large number of real malware samples and benign apps and ran experiments to test and verify the effectiveness of our method; the results show that our method detects malware very effectively.
More and more people around the world use smartphones. People put more and more of their own personal private information into smartphones, so it is important to secure the mobile system, especially Android. Because Android is an open-source system, it is easier to develop malware on Android. In recent years, the number of malware samples on Android has been increasing and evolving dramatically. We need an effective approach to keep up with the speed of malware's changes. In this paper, we propose a new dynamic analysis scheme for malware detection on Android: we monitor an app's behavior during its execution and use this behavior information to judge whether the app is malware or not. We also develop a system called MalCatcher to implement our scheme. We add logging functions to the Android system source code and compile the modified source code into a system image to build an isolated and monitored environment for Android app execution. Moreover, we have gathered a large number of real malware samples and normal apps to carry out our experiments and test our scheme's effectiveness. Our results show that our scheme can detect malware efficiently.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070056511
http://hdl.handle.net/11536/71563
Appears in Collections: Thesis


Files in This Item:

  1. 651101.pdf