學術產出-Theses

Article View/Open

Publication Export

Google ScholarTM

政大圖書館

Citation Infomation

  • No doi shows Citation Infomation
題名 行動應用程式的函式行為分析
Distributed Call Sequence Counting on iOS Executable
作者 戴睿宸
Tai, Ruei Chen
貢獻者 郁方
Yu, Fang
戴睿宸
Tai, Ruei Chen
關鍵詞 呼叫序列
行動應用程式安全
字串分析
分散式運算
call sequence
mobile app security
syntax analysis
distributed computing
日期 2013
上傳時間 25-Aug-2014 15:15:42 (UTC+8)
摘要 本研究利用字串分析之方式對行動應用程式之執行檔進行靜態分析,進以偵測行動應用程式之行為。 本研究計算行動應用程式所呼叫特定系統函式之序列,進一步比對特定可疑行為模式並判定行動應用程式是否包含其可疑行為,由於進行此研究需要考慮行動應用程式執行檔中每一個系統函式的呼叫,因此增加了大量的計算複雜度,故需要大量的運算資源來進行,為了提高運算的效率,本研究採用了Hadoop 作為分散式運算的平台來達成可延展的分析系統,進以達成分析大量行動應用程式的目的,透過建立特定的行為模式庫,本研究已分析了上千個現實使用的行動應用程式,並提供其含有潛在可疑行為的分析報告。
This work presents a syntax analysis on the executable files of iOS apps to characterize and detect suspicious behaviors performed by the apps. The main idea is counting the appearances of call sequences in the apps which are resolved via reassembling the executable binaries. Since counting the call sequences of the app needs to consider different combinations of every function calls in the app, which significantly increases the complexity of the computing, it takes abundant computing power to bring out our analysis on massive apps on the market, to improve the performance and the effectiveness of our analysis, this work adopted a distributed computing algorithm via Hadoop framework achieving a scalable static syntax analysis which is able to process huge amount of modern apps. We learn the malicious behaviors pattern through comparing the pairs of normal and abnormal app which are identical except on certain behaviors we inserted. By matching the patterns with the call sequences we collected from the public apps, we characterized the behaviors of apps and report the suspicious behaviors carried potential security threats in the apps.
參考文獻 [1] 55% of Social Networking Consumption Occurs on A Mobile Device. (2013, February 27). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/interactive/55-of-social-networking-consumption-occurs-on-a-mobile-device-27327/.
[2] Android Market Terms of Service. (2012, February 16). Android Market Terms of Service. Retrieved March 6, 2014, from http://www.google.com/mobile/android/market-tos.html.
[3] Apache Hadoop. (n.d.). Apache Hadoop. Retrieved March 6, 2014, from http://hadoop.apache.org/
[4] Apple - Apple Customer Privacy Policy. (2013, August 1). Apple - Apple Customer Privacy Policy. Retrieved March 6, 2014, from http://www.apple.com/privacy/
[5] Apple App Store. (2013, October 22). Wikipedia. Retrieved March 6, 2014, from http://en.wikipedia.org/wiki/App_Store_(iOS)#cite_note-ios7-1.
[6] Apple Approves, Pulls Flashlight App with Hidden Tethering Mode. (2010, July 21). Wired. Retrieved March 7, 2014, from http://www.wired.com/gadgetlab/2010/07/apple-approves-pulls-flashlight%2dapp-with-hidden-tethering-mode/.
[7] Apple Developer. (n.d.). Xcode. Retrieved March 6, 2014, from http://developer.apple.com/xcode.
[8] Apple Store. (2010, March 1). Apple Store. Retrieved March 6, 2014, from http://store.apple.com/Catalog/US/Images/ADC_terms.html
[9] Babić, D., Reynaud, D., & Song, D. (2011, January). Malware analysis with tree automata inference. In Computer Aided Verification (pp. 116-131). Springer Berlin Heidelberg.
[10] Cydia. (n.d.). Cydia. Retrieved March 6, 2014, from http://cydia.saurik.com/.
[11] Dean, J., & Ghemawat, S. (2008). MapReduce: simplified data processing on large clusters. Communications of the ACM, 51(1), 107-113.
[12] Egele, M., Kruegel, C., Kirda, E., & Vigna, G. (2011, February). PiOS: Detecting Privacy Leaks in iOS Applications. In NDSS.
[13] Enck, W. H. (2011). Analysis techniques for mobile operating system security (Doctoral dissertation, The Pennsylvania State University).
[14] Enck, W. (2011). Defending users against smartphone apps: Techniques and future directions. In Information Systems Security (pp. 49-70). Springer Berlin Heidelberg.
[15] Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. (2010, October). TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In OSDI (Vol. 10, pp. 1-6).
[16] Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011, August). A Study of Android Application Security. In USENIX Security Symposium.
[17] Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011, October). A survey of mobile malware in the wild. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 3-14). ACM.
[18] Gilbert, P., Chun, B. G., Cox, L. P., & Jung, J. (2011, June). Vision: automated security validation of mobile apps at app markets. In Proceedings of the second international workshop on Mobile cloud computing and services (pp. 21-26). ACM.
[19] IDA. (n.d.). IDA. Retrieved March 6, 2014, from https://www.hex-rays.com/products/ida/support/tutorials/index.shtml.
[20] Jones, C. (2013, December 11). Apple`s App Store About To Hit 1 Million Apps. Forbes. Retrieved March 6, 2014, from http://www.forbes.com/sites/chuckjones/2013/12/11/apples-app-store-about-to-hit-1-million-apps/.
[21] List of countries by number of mobile phones in use. (2014, May 3). Wikipedia. Retrieved March 6, 2014, from http://en.wikipedia.org/wiki/List_of_countries_by_number_of_mobile_phones_in_use
[22] Mac Developer Library. (2013, April 25). Mac Developer Library. Retrieved March 6, 2014, from http://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/ProgrammingWithObjectiveC/Introduction/Introduction.html.
[23] Mann, C., & Starostin, A. (2012, March). A framework for static detection of privacy leaks in android applications. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (pp. 1457-1462). ACM.
[24] Media Consumption Estimates: Mobile > PC; Digital > TV. (2013, August 5). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/television/media-consumption-estimates-mobile-pc-digital-tv-35626/
[25] More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC - prUS24085413. (2013, April 25). More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC - prUS24085413. Retrieved March 6, 2014, from http://www.idc.com/getdoc.jsp?containerId=prUS24085413.
[26] NEWSBYTES.PH | Philippine smartphone adoption rate at 15%. (2013, September 18). Infotek News InterAksyoncom. Retrieved March 6, 2014, from http://www.interaksyon.com/infotech/newsbytes-ph-philippine-smartphone-adoption-rate-at-15.
[27] Newsroom. (2013, August 14). Gartner Says Smartphone Sales Grew 46.5 Percent in Second Quarter of 2013 and Exceeded Feature Phone Sales for First Time. Retrieved March 6, 2014, from http://www.gartner.com/newsroom/id/2573415.
[28] Newswire . (2013, December 16). Consumer Electronics Ownership Blasts Off in 201. Retrieved March 6, 2014, from http://www.nielsen.com/us/en/newswire/2013/consumer-electronics-ownership-blasts-off-in-2013.html.
[29] Newswire . (2013, June 6). Mobile Majority: U.S. Smartphone Ownership Tops 60%. Retrieved March 6, 2014, from http://www.nielsen.com/us/en/newswire/2013/mobile-majority--u-s--smartphone-ownership-tops-60-.html.
[30] Objective-C. (2014, May 3). Wikipedia. Retrieved March 6, 2014, from https://en.wikipedia.org/wiki/Objective-C.
[31] PC Users Increasingly Turning to Smart Devices for Web Browsing, Facebook Access. (2013, February 11). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/interactive/pc-users-increasingly-turning-to-smart-devices-for-web-browsing-facebook-access-26881/.
[32] Realtime Privacy Monitoring on Smartphones. (n.d.). TaintDroid:. Retrieved March 6, 2014, from http://appanalysis.org/
[33] Szydlowski, M., Egele, M., Kruegel, C., & Vigna, G. (2012). Challenges for dynamic analysis of iOS applications. In Open Problems in Network Security (pp. 65-77). Springer Berlin Heidelberg.
[34] Tablet Shipments Forecast to Top Total PC Shipments in the Fourth Quarter of 2013 and Annually by 2015, According to IDC - prUS24314413. (2013, September 11). Tablet Shipments Forecast to Top Total PC Shipments in the Fourth Quarter of 2013 and Annually by 2015, According to IDC - prUS24314413. Retrieved March 6, 2014, from http://www.idc.com/getdoc.jsp?containerId=prUS24314413.
[35] TERMS AND CONDITIONS. (2011, October 12). iTUNES STORE -. Retrieved March 6, 2014, from http://www.apple.com/legal/itunes/us/terms.html#APPS.
[36] The Four-Year Anniversary of the Apple App Store. (2013, April 17). DISTIMO. Retrieved March 7, 2014, from http://www.distimo.com/publications/archive/Distimo%20Publication%20-%20July%202012.pdf.
[37] The NPD Group. (2013, February 7). 37 Percent of PC Users Migrate Activities to Mobile Devices. Retrieved March 6, 2014, from https://www.npd.com/wps/portal/npd/us/news/press-releases/37-percent-of-pc-users-migrate-activities-to-mobile-devices-according-to-the-npd-group/.
[38] Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., ... & Wang, X. (2011, May). Privacy revelations for web and mobile apps. In Proceedings of the 13th USENIX conference on Hot topics in operating systems (pp. 21-21). USENIX Association.
[39] Zhou, Y., Wang, Z., Zhou, W., & Jiang, X. (2012, February). Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (pp. 5-8).
描述 碩士
國立政治大學
資訊管理研究所
100356023
102
資料來源 http://thesis.lib.nccu.edu.tw/record/#G0100356023
資料類型 thesis
dc.contributor.advisor 郁方zh_TW
dc.contributor.advisor Yu, Fangen_US
dc.contributor.author (Authors) 戴睿宸zh_TW
dc.contributor.author (Authors) Tai, Ruei Chenen_US
dc.creator (作者) 戴睿宸zh_TW
dc.creator (作者) Tai, Ruei Chenen_US
dc.date (日期) 2013en_US
dc.date.accessioned 25-Aug-2014 15:15:42 (UTC+8)-
dc.date.available 25-Aug-2014 15:15:42 (UTC+8)-
dc.date.issued (上傳時間) 25-Aug-2014 15:15:42 (UTC+8)-
dc.identifier (Other Identifiers) G0100356023en_US
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/69192-
dc.description (描述) 碩士zh_TW
dc.description (描述) 國立政治大學zh_TW
dc.description (描述) 資訊管理研究所zh_TW
dc.description (描述) 100356023zh_TW
dc.description (描述) 102zh_TW
dc.description.abstract (摘要) 本研究利用字串分析之方式對行動應用程式之執行檔進行靜態分析,進以偵測行動應用程式之行為。 本研究計算行動應用程式所呼叫特定系統函式之序列,進一步比對特定可疑行為模式並判定行動應用程式是否包含其可疑行為,由於進行此研究需要考慮行動應用程式執行檔中每一個系統函式的呼叫,因此增加了大量的計算複雜度,故需要大量的運算資源來進行,為了提高運算的效率,本研究採用了Hadoop 作為分散式運算的平台來達成可延展的分析系統,進以達成分析大量行動應用程式的目的,透過建立特定的行為模式庫,本研究已分析了上千個現實使用的行動應用程式,並提供其含有潛在可疑行為的分析報告。zh_TW
dc.description.abstract (摘要) This work presents a syntax analysis on the executable files of iOS apps to characterize and detect suspicious behaviors performed by the apps. The main idea is counting the appearances of call sequences in the apps which are resolved via reassembling the executable binaries. Since counting the call sequences of the app needs to consider different combinations of every function calls in the app, which significantly increases the complexity of the computing, it takes abundant computing power to bring out our analysis on massive apps on the market, to improve the performance and the effectiveness of our analysis, this work adopted a distributed computing algorithm via Hadoop framework achieving a scalable static syntax analysis which is able to process huge amount of modern apps. We learn the malicious behaviors pattern through comparing the pairs of normal and abnormal app which are identical except on certain behaviors we inserted. By matching the patterns with the call sequences we collected from the public apps, we characterized the behaviors of apps and report the suspicious behaviors carried potential security threats in the apps.en_US
dc.description.tableofcontents Abstract i
Contents iv
List of figures v
List of tables vi
1. Introduction 1
2. Literature review 6
2.1. Malicious behaviors of mobile apps 6
2.2. Detecting malicious behaviors within apps 7
2.3. Distributed computing 9
3. Static binary analysis 11
3.1. Extract and decrypt binary 12
3.2. Dump assemble file of binary 15
3.3. Distributed computation on call sequences 17
4. Malicious behavior detection 22
4.1. Malicious behaviors 22
4.2. Characterize Malicious Behaviors on Counting Call Sequences 25
4.3. Pattern inclusion 27
5. Implementation 29
6. Evaluation 33
7. Conclusion 38
References 40
zh_TW
dc.format.extent 2854964 bytes-
dc.format.mimetype application/pdf-
dc.language.iso en_US-
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0100356023en_US
dc.subject (關鍵詞) 呼叫序列zh_TW
dc.subject (關鍵詞) 行動應用程式安全zh_TW
dc.subject (關鍵詞) 字串分析zh_TW
dc.subject (關鍵詞) 分散式運算zh_TW
dc.subject (關鍵詞) call sequenceen_US
dc.subject (關鍵詞) mobile app securityen_US
dc.subject (關鍵詞) syntax analysisen_US
dc.subject (關鍵詞) distributed computingen_US
dc.title (題名) 行動應用程式的函式行為分析zh_TW
dc.title (題名) Distributed Call Sequence Counting on iOS Executableen_US
dc.type (資料類型) thesisen
dc.relation.reference (參考文獻) [1] 55% of Social Networking Consumption Occurs on A Mobile Device. (2013, February 27). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/interactive/55-of-social-networking-consumption-occurs-on-a-mobile-device-27327/.
[2] Android Market Terms of Service. (2012, February 16). Android Market Terms of Service. Retrieved March 6, 2014, from http://www.google.com/mobile/android/market-tos.html.
[3] Apache Hadoop. (n.d.). Apache Hadoop. Retrieved March 6, 2014, from http://hadoop.apache.org/
[4] Apple - Apple Customer Privacy Policy. (2013, August 1). Apple - Apple Customer Privacy Policy. Retrieved March 6, 2014, from http://www.apple.com/privacy/
[5] Apple App Store. (2013, October 22). Wikipedia. Retrieved March 6, 2014, from http://en.wikipedia.org/wiki/App_Store_(iOS)#cite_note-ios7-1.
[6] Apple Approves, Pulls Flashlight App with Hidden Tethering Mode. (2010, July 21). Wired. Retrieved March 7, 2014, from http://www.wired.com/gadgetlab/2010/07/apple-approves-pulls-flashlight%2dapp-with-hidden-tethering-mode/.
[7] Apple Developer. (n.d.). Xcode. Retrieved March 6, 2014, from http://developer.apple.com/xcode.
[8] Apple Store. (2010, March 1). Apple Store. Retrieved March 6, 2014, from http://store.apple.com/Catalog/US/Images/ADC_terms.html
[9] Babić, D., Reynaud, D., & Song, D. (2011, January). Malware analysis with tree automata inference. In Computer Aided Verification (pp. 116-131). Springer Berlin Heidelberg.
[10] Cydia. (n.d.). Cydia. Retrieved March 6, 2014, from http://cydia.saurik.com/.
[11] Dean, J., & Ghemawat, S. (2008). MapReduce: simplified data processing on large clusters. Communications of the ACM, 51(1), 107-113.
[12] Egele, M., Kruegel, C., Kirda, E., & Vigna, G. (2011, February). PiOS: Detecting Privacy Leaks in iOS Applications. In NDSS.
[13] Enck, W. H. (2011). Analysis techniques for mobile operating system security (Doctoral dissertation, The Pennsylvania State University).
[14] Enck, W. (2011). Defending users against smartphone apps: Techniques and future directions. In Information Systems Security (pp. 49-70). Springer Berlin Heidelberg.
[15] Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. (2010, October). TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In OSDI (Vol. 10, pp. 1-6).
[16] Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011, August). A Study of Android Application Security. In USENIX Security Symposium.
[17] Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011, October). A survey of mobile malware in the wild. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 3-14). ACM.
[18] Gilbert, P., Chun, B. G., Cox, L. P., & Jung, J. (2011, June). Vision: automated security validation of mobile apps at app markets. In Proceedings of the second international workshop on Mobile cloud computing and services (pp. 21-26). ACM.
[19] IDA. (n.d.). IDA. Retrieved March 6, 2014, from https://www.hex-rays.com/products/ida/support/tutorials/index.shtml.
[20] Jones, C. (2013, December 11). Apple`s App Store About To Hit 1 Million Apps. Forbes. Retrieved March 6, 2014, from http://www.forbes.com/sites/chuckjones/2013/12/11/apples-app-store-about-to-hit-1-million-apps/.
[21] List of countries by number of mobile phones in use. (2014, May 3). Wikipedia. Retrieved March 6, 2014, from http://en.wikipedia.org/wiki/List_of_countries_by_number_of_mobile_phones_in_use
[22] Mac Developer Library. (2013, April 25). Mac Developer Library. Retrieved March 6, 2014, from http://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/ProgrammingWithObjectiveC/Introduction/Introduction.html.
[23] Mann, C., & Starostin, A. (2012, March). A framework for static detection of privacy leaks in android applications. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (pp. 1457-1462). ACM.
[24] Media Consumption Estimates: Mobile > PC; Digital > TV. (2013, August 5). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/television/media-consumption-estimates-mobile-pc-digital-tv-35626/
[25] More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC - prUS24085413. (2013, April 25). More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC - prUS24085413. Retrieved March 6, 2014, from http://www.idc.com/getdoc.jsp?containerId=prUS24085413.
[26] NEWSBYTES.PH | Philippine smartphone adoption rate at 15%. (2013, September 18). Infotek News InterAksyoncom. Retrieved March 6, 2014, from http://www.interaksyon.com/infotech/newsbytes-ph-philippine-smartphone-adoption-rate-at-15.
[27] Newsroom. (2013, August 14). Gartner Says Smartphone Sales Grew 46.5 Percent in Second Quarter of 2013 and Exceeded Feature Phone Sales for First Time. Retrieved March 6, 2014, from http://www.gartner.com/newsroom/id/2573415.
[28] Newswire . (2013, December 16). Consumer Electronics Ownership Blasts Off in 201. Retrieved March 6, 2014, from http://www.nielsen.com/us/en/newswire/2013/consumer-electronics-ownership-blasts-off-in-2013.html.
[29] Newswire . (2013, June 6). Mobile Majority: U.S. Smartphone Ownership Tops 60%. Retrieved March 6, 2014, from http://www.nielsen.com/us/en/newswire/2013/mobile-majority--u-s--smartphone-ownership-tops-60-.html.
[30] Objective-C. (2014, May 3). Wikipedia. Retrieved March 6, 2014, from https://en.wikipedia.org/wiki/Objective-C.
[31] PC Users Increasingly Turning to Smart Devices for Web Browsing, Facebook Access. (2013, February 11). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/interactive/pc-users-increasingly-turning-to-smart-devices-for-web-browsing-facebook-access-26881/.
[32] Realtime Privacy Monitoring on Smartphones. (n.d.). TaintDroid:. Retrieved March 6, 2014, from http://appanalysis.org/
[33] Szydlowski, M., Egele, M., Kruegel, C., & Vigna, G. (2012). Challenges for dynamic analysis of iOS applications. In Open Problems in Network Security (pp. 65-77). Springer Berlin Heidelberg.
[34] Tablet Shipments Forecast to Top Total PC Shipments in the Fourth Quarter of 2013 and Annually by 2015, According to IDC - prUS24314413. (2013, September 11). Tablet Shipments Forecast to Top Total PC Shipments in the Fourth Quarter of 2013 and Annually by 2015, According to IDC - prUS24314413. Retrieved March 6, 2014, from http://www.idc.com/getdoc.jsp?containerId=prUS24314413.
[35] TERMS AND CONDITIONS. (2011, October 12). iTUNES STORE -. Retrieved March 6, 2014, from http://www.apple.com/legal/itunes/us/terms.html#APPS.
[36] The Four-Year Anniversary of the Apple App Store. (2013, April 17). DISTIMO. Retrieved March 7, 2014, from http://www.distimo.com/publications/archive/Distimo%20Publication%20-%20July%202012.pdf.
[37] The NPD Group. (2013, February 7). 37 Percent of PC Users Migrate Activities to Mobile Devices. Retrieved March 6, 2014, from https://www.npd.com/wps/portal/npd/us/news/press-releases/37-percent-of-pc-users-migrate-activities-to-mobile-devices-according-to-the-npd-group/.
[38] Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., ... & Wang, X. (2011, May). Privacy revelations for web and mobile apps. In Proceedings of the 13th USENIX conference on Hot topics in operating systems (pp. 21-21). USENIX Association.
[39] Zhou, Y., Wang, Z., Zhou, W., & Jiang, X. (2012, February). Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (pp. 5-8).
zh_TW