- 學位論文
藉系統層的資訊流動追蹤以偵測Android平台上竊取敏感資料的行為
DroidTracking : Detecting Sensitive Data Stealing on Android with System-Wide Information Flow Tracking
摘要
Lookout Mobile Security(手機防毒公司)指出,Google Android Market上已超過50個以上的應用程式被發現遭注入DroidDream惡意程式,DroidDream送出大量敏感資料到遠端伺服器上,而它是第一個被發現到具有攻擊並利用Android作業系統漏洞能力的惡意程式。為了要準確分析malware,我們藉修改虛擬的ARM CPU,提出具有系統層、精確性的資訊流動追蹤能力的DroidTracking分析工具,以虛擬機器為基礎的DroidTracking可分析整個Android作業系統以了解關於竊取敏感資料的行為,不同於以往的分析工具, DroidTracking藉分析系統層的資訊可避免欲分析的資訊已遭受惡意程式所影響,再對系統物件做byte-level的分析可達到更精確的資訊流動追蹤。我們的實作包含追蹤GPS, IMEI, IMSI和ICC-ID,未來也將追蹤更多手機上的敏感資料,而實驗中,我們蒐集大量已被DroidDream感染的已知應用程式,並用DroidTracking做分析,可成功的偵測並證實被感染的應用程式正在竊取敏感資料的事實。
並列摘要
A large number of Android applications injected with DroidDream malware have been found on the Google Android Market by Lookout Mobile Security. According to Lookout, DroidDream sends a variety of sensitive data to a remote server. It is the first malware that exploits vulnerabilities of the Android operating system (Android OS). To cope with the problem, we propose DroidTracking, a system-wide and fine-grained information flow tracking system with emulated ARM CPU. DroidTracking analyzes the entire Android OS to detect sensitive data stealing behaviors. Unlike the conventional operating system call tracking schemes, our VM-based, system-wide analysis can avoid malware interference, and its fine-grained information flow tracking supports accurate byte-level system objects analysis. DroidTracking has been implemented to track sensitive information leakage, such as GPS, IMEI, IMSI and ICC-ID. To evaluate the DroidTracking, we collected a number of popular Android applications infected with DroidDream. Our experiment showed that the infected applications’s behaviors of stealing sensitive data can be accurately identified and detected.
參考文獻
延伸閱讀
- Chang, C. H. (2013). 分析Android儲存裝置存取之資料流動追蹤技術 [master's thesis, National Chiao Tung University]. Airiti Library. https://doi.org/10.6842/NCTU.2013.00506
- Wu, W. C. (2014). 運用機器學習及巨量資料分析實現Android惡意程式動態偵測 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2014.03127
- 王智弘、陳嘉宜(2018)。以即時動態訊息監控結合靜態特徵進行Android惡意程式分析。載於國立東華大學(主編),NCS 2017 全國計算機會議(頁877-881)。國立東華大學。https://doi.org/10.29428/9789860544169.201801.0164
- 蘇宏麒(2013)。針對手機特有資訊為輸入點的Android應用程式測試平台〔碩士論文,國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU.2013.00024
- Su, M. Y., Chang, J. Y., & Fung, K. T. (2019). Android Malware Detection Approaches in Combination with Static and Dynamic Features. International Journal of Network Security, 21(6), 1031-1041. https://doi.org/10.6633/IJNS.201911_21(6).17