Title

以汙染傳遞為基礎之行動軟體威脅行為偵測

Parallel Title

Detecting Mobile Application Malicious Behavior Based on Taint Propagation

DOI

10.6188/JEB.2015.17(3).04

Authors

陳嘉玫(Chia-Mei Chen);林哲銘(Je-Ming Lin);歐雅惠(Ya-Hui Ou);賴谷鑫(Gu-Hsin Lai)

Keywords

Static analysis ; reverse engineering ; taint propagation ; malware detection

Journal

電子商務學報

Volume and Issue / Publication Date

Vol. 17, No. 3 (2015 / 09 / 01)

Pages

375 - 392

Language of Content

Traditional Chinese

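Abstract

As technology advances, enterprises and organizations offer ubiquitous computing to their customers and employees, and online services have added mobile versions to improve competitiveness and efficiency. For ease of use and always-on connectivity, personal data is stored on mobile devices, which creates a risk of private data leakage. Dynamic analysis requires an isolated environment and takes longer to run, so its analysis speed may not keep pace with the growth of malware. In addition, whether malicious behavior can actually be triggered during analysis has always been a difficulty for dynamic analysis. This study takes a static analysis approach: it uses taint propagation to trace data flows through program code, derives threat patterns from malware families, matches the traced data flows against those threat patterns, and reports the data-transfer behaviors that match. The experiments were run on 19 mobile malware families. The results show that the approach can effectively detect malicious Android apps, with an accuracy as high as 91.6%.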

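Subject Classification
Humanities > General Humanities
Basic and Applied Sciences > Information Science
Basic and Applied Sciences > Statistics
Social Sciences > General Social Sciences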
Cited by
  1. 趙文傑, 林文暉, 王平 (2015). 雲端應用程式資訊流之動態污點傳播分析 [Dynamic taint propagation analysis of information flows in cloud applications]. 資訊安全通訊, 21(2), 1-20.