Graduate student: Sung, Je-Guang (宋哲光)
Thesis title: Covert Channel Based Malware Analysis and Detection for Android Systems
Advisor: Yang, Chu-Sing (楊竹星)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2013
Academic year of graduation: 101
Language: Chinese
Number of pages: 45
Keywords: Android, Smartphone, Eavesdropping Trojan, Malware
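  • The existence of covert channels gives different Android apps a hidden, unmonitored way to pass data to one another. Malware can use media such as screen brightness, phone volume and external storage to transfer data over a covert channel. Without a mechanism to handle this threat properly, malware can cooperate to reduce the permissions each individual app needs and transmit data covertly, causing great harm to users' privacy and data security; this class of threat therefore deserves attention.
    In this study we implement experimental test software aimed at eavesdropping on smartphone users' privacy, which combines VoIP and covert channel techniques and serves as the subject of our experimental analysis. We also propose a solution, the Anti-malicious Eavesdropping System with its Covert Channel Detection and Eavesdropping Behavior Analysis subsystems, to prevent harm to users' privacy when a smartphone's electronic sensing components are exploited by malware and data is leaked through Android's own covert channels.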

    The existence of covert channels on Android systems provides a pathway for stealthy data transfer between different Android apps. Malicious Android apps can use system resources such as screen brightness, volume and external storage to set up covert channel communication. If no appropriate countermeasure is deployed, malware can cooperate in this way to lower the Android permissions each individual app requires, secretly transmitting and receiving private data and jeopardizing smartphone users' privacy and information security.
    For the experiments and analysis behind our anti-eavesdropping framework design, we implemented a test app that integrates VoIP technology and an Android covert channel. We propose a countermeasure against malware eavesdropping composed of a Covert Channel Detection Subsystem and an Eavesdropping Behavior Analysis Subsystem.

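    Thesis Certificate
    Chinese Abstract
    English Abstract
    Acknowledgements
    List of Figures
    List of Tables
    Chapter 1 Introduction
        1.1 Research Background
        1.2 Research Motivation and Objectives
        1.3 Thesis Organization
    Chapter 2 Literature Review
        2.1 Potential Harm of Smartphones to User Privacy
        2.2 Introduction to the Android Permission Mechanism
        2.3 Introduction to Covert Channels
        2.4 Classic Methods for Analyzing System Covert Channels
            2.4.1 Shared Resource Matrix
            2.4.2 Information Flow Analysis
        2.5 Existing Systems That Effectively Detect Android Covert Channels
    Chapter 3 Anti-malicious Eavesdropping System (AES)
        3.1 System Architecture
        3.2 Real-Time Covert Channel Eavesdropping Software
        3.3 Analysis and Detection of Eavesdropping Behavior Using Covert Channels
        3.4 Anti-malicious Eavesdropping System
            3.4.1 Covert Channel Detection Subsystem
            3.4.2 Eavesdropping Behavior Analysis Subsystem
    Chapter 4 System Verification and Discussion of Results
        4.1 Analysis of Android Covert Channel Characteristics
        4.2 Attack and Defense Testing of Software Using Android Covert Channels
    Chapter 5 Conclusion and Future Work
        5.1 Conclusion
        5.2 Future Work
    References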


    Full-text availability: on campus, public from 2015-08-16; off campus, public from 2015-08-16