行動應用程式的函式行為分析

學術產出-Theses

Article View/Open

pdf(213)

Publication Export

Google Scholar^TM

政大圖書館

學術資源探索系統

Citation Infomation

No doi shows Citation Infomation

Simple Record
Full Record

題名	行動應用程式的函式行為分析 Distributed Call Sequence Counting on iOS Executable
作者	戴睿宸 Tai, Ruei Chen
貢獻者	郁方 Yu, Fang 戴睿宸 Tai, Ruei Chen
關鍵詞	呼叫序列行動應用程式安全字串分析分散式運算 call sequence mobile app security syntax analysis distributed computing
日期	2013
上傳時間	25-Aug-2014 15:15:42 (UTC+8)
摘要	本研究利用字串分析之方式對行動應用程式之執行檔進行靜態分析，進以偵測行動應用程式之行為。本研究計算行動應用程式所呼叫特定系統函式之序列，進一步比對特定可疑行為模式並判定行動應用程式是否包含其可疑行為，由於進行此研究需要考慮行動應用程式執行檔中每一個系統函式的呼叫，因此增加了大量的計算複雜度，故需要大量的運算資源來進行，為了提高運算的效率，本研究採用了Hadoop 作為分散式運算的平台來達成可延展的分析系統，進以達成分析大量行動應用程式的目的，透過建立特定的行為模式庫，本研究已分析了上千個現實使用的行動應用程式，並提供其含有潛在可疑行為的分析報告。 This work presents a syntax analysis on the executable files of iOS apps to characterize and detect suspicious behaviors performed by the apps. The main idea is counting the appearances of call sequences in the apps which are resolved via reassembling the executable binaries. Since counting the call sequences of the app needs to consider different combinations of every function calls in the app, which significantly increases the complexity of the computing, it takes abundant computing power to bring out our analysis on massive apps on the market, to improve the performance and the effectiveness of our analysis, this work adopted a distributed computing algorithm via Hadoop framework achieving a scalable static syntax analysis which is able to process huge amount of modern apps. We learn the malicious behaviors pattern through comparing the pairs of normal and abnormal app which are identical except on certain behaviors we inserted. By matching the patterns with the call sequences we collected from the public apps, we characterized the behaviors of apps and report the suspicious behaviors carried potential security threats in the apps.
參考文獻	[1] 55% of Social Networking Consumption Occurs on A Mobile Device. (2013, February 27). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/interactive/55-of-social-networking-consumption-occurs-on-a-mobile-device-27327/. [2] Android Market Terms of Service. (2012, February 16). Android Market Terms of Service. Retrieved March 6, 2014, from http://www.google.com/mobile/android/market-tos.html. [3] Apache Hadoop. (n.d.). Apache Hadoop. Retrieved March 6, 2014, from http://hadoop.apache.org/ [4] Apple - Apple Customer Privacy Policy. (2013, August 1). Apple - Apple Customer Privacy Policy. Retrieved March 6, 2014, from http://www.apple.com/privacy/ [5] Apple App Store. (2013, October 22). Wikipedia. Retrieved March 6, 2014, from http://en.wikipedia.org/wiki/App_Store_(iOS)#cite_note-ios7-1. [6] Apple Approves, Pulls Flashlight App with Hidden Tethering Mode. (2010, July 21). Wired. Retrieved March 7, 2014, from http://www.wired.com/gadgetlab/2010/07/apple-approves-pulls-flashlight%2dapp-with-hidden-tethering-mode/. [7] Apple Developer. (n.d.). Xcode. Retrieved March 6, 2014, from http://developer.apple.com/xcode. [8] Apple Store. (2010, March 1). Apple Store. Retrieved March 6, 2014, from http://store.apple.com/Catalog/US/Images/ADC_terms.html [9] Babić, D., Reynaud, D., & Song, D. (2011, January). Malware analysis with tree automata inference. In Computer Aided Verification (pp. 116-131). Springer Berlin Heidelberg. [10] Cydia. (n.d.). Cydia. Retrieved March 6, 2014, from http://cydia.saurik.com/. [11] Dean, J., & Ghemawat, S. (2008). MapReduce: simplified data processing on large clusters. Communications of the ACM, 51(1), 107-113. [12] Egele, M., Kruegel, C., Kirda, E., & Vigna, G. (2011, February). PiOS: Detecting Privacy Leaks in iOS Applications. In NDSS. [13] Enck, W. H. (2011). Analysis techniques for mobile operating system security (Doctoral dissertation, The Pennsylvania State University). [14] Enck, W. (2011). Defending users against smartphone apps: Techniques and future directions. In Information Systems Security (pp. 49-70). Springer Berlin Heidelberg. [15] Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. (2010, October). TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In OSDI (Vol. 10, pp. 1-6). [16] Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011, August). A Study of Android Application Security. In USENIX Security Symposium. [17] Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011, October). A survey of mobile malware in the wild. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 3-14). ACM. [18] Gilbert, P., Chun, B. G., Cox, L. P., & Jung, J. (2011, June). Vision: automated security validation of mobile apps at app markets. In Proceedings of the second international workshop on Mobile cloud computing and services (pp. 21-26). ACM. [19] IDA. (n.d.). IDA. Retrieved March 6, 2014, from https://www.hex-rays.com/products/ida/support/tutorials/index.shtml. [20] Jones, C. (2013, December 11). Apple`s App Store About To Hit 1 Million Apps. Forbes. Retrieved March 6, 2014, from http://www.forbes.com/sites/chuckjones/2013/12/11/apples-app-store-about-to-hit-1-million-apps/. [21] List of countries by number of mobile phones in use. (2014, May 3). Wikipedia. Retrieved March 6, 2014, from http://en.wikipedia.org/wiki/List_of_countries_by_number_of_mobile_phones_in_use [22] Mac Developer Library. (2013, April 25). Mac Developer Library. Retrieved March 6, 2014, from http://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/ProgrammingWithObjectiveC/Introduction/Introduction.html. [23] Mann, C., & Starostin, A. (2012, March). A framework for static detection of privacy leaks in android applications. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (pp. 1457-1462). ACM. [24] Media Consumption Estimates: Mobile > PC; Digital > TV. (2013, August 5). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/television/media-consumption-estimates-mobile-pc-digital-tv-35626/ [25] More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC - prUS24085413. (2013, April 25). More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC - prUS24085413. Retrieved March 6, 2014, from http://www.idc.com/getdoc.jsp?containerId=prUS24085413. [26] NEWSBYTES.PH \| Philippine smartphone adoption rate at 15%. (2013, September 18). Infotek News InterAksyoncom. Retrieved March 6, 2014, from http://www.interaksyon.com/infotech/newsbytes-ph-philippine-smartphone-adoption-rate-at-15. [27] Newsroom. (2013, August 14). Gartner Says Smartphone Sales Grew 46.5 Percent in Second Quarter of 2013 and Exceeded Feature Phone Sales for First Time. Retrieved March 6, 2014, from http://www.gartner.com/newsroom/id/2573415. [28] Newswire . (2013, December 16). Consumer Electronics Ownership Blasts Off in 201. Retrieved March 6, 2014, from http://www.nielsen.com/us/en/newswire/2013/consumer-electronics-ownership-blasts-off-in-2013.html. [29] Newswire . (2013, June 6). Mobile Majority: U.S. Smartphone Ownership Tops 60%. Retrieved March 6, 2014, from http://www.nielsen.com/us/en/newswire/2013/mobile-majority--u-s--smartphone-ownership-tops-60-.html. [30] Objective-C. (2014, May 3). Wikipedia. Retrieved March 6, 2014, from https://en.wikipedia.org/wiki/Objective-C. [31] PC Users Increasingly Turning to Smart Devices for Web Browsing, Facebook Access. (2013, February 11). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/interactive/pc-users-increasingly-turning-to-smart-devices-for-web-browsing-facebook-access-26881/. [32] Realtime Privacy Monitoring on Smartphones. (n.d.). TaintDroid:. Retrieved March 6, 2014, from http://appanalysis.org/ [33] Szydlowski, M., Egele, M., Kruegel, C., & Vigna, G. (2012). Challenges for dynamic analysis of iOS applications. In Open Problems in Network Security (pp. 65-77). Springer Berlin Heidelberg. [34] Tablet Shipments Forecast to Top Total PC Shipments in the Fourth Quarter of 2013 and Annually by 2015, According to IDC - prUS24314413. (2013, September 11). Tablet Shipments Forecast to Top Total PC Shipments in the Fourth Quarter of 2013 and Annually by 2015, According to IDC - prUS24314413. Retrieved March 6, 2014, from http://www.idc.com/getdoc.jsp?containerId=prUS24314413. [35] TERMS AND CONDITIONS. (2011, October 12). iTUNES STORE -. Retrieved March 6, 2014, from http://www.apple.com/legal/itunes/us/terms.html#APPS. [36] The Four-Year Anniversary of the Apple App Store. (2013, April 17). DISTIMO. Retrieved March 7, 2014, from http://www.distimo.com/publications/archive/Distimo%20Publication%20-%20July%202012.pdf. [37] The NPD Group. (2013, February 7). 37 Percent of PC Users Migrate Activities to Mobile Devices. Retrieved March 6, 2014, from https://www.npd.com/wps/portal/npd/us/news/press-releases/37-percent-of-pc-users-migrate-activities-to-mobile-devices-according-to-the-npd-group/. [38] Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., ... & Wang, X. (2011, May). Privacy revelations for web and mobile apps. In Proceedings of the 13th USENIX conference on Hot topics in operating systems (pp. 21-21). USENIX Association. [39] Zhou, Y., Wang, Z., Zhou, W., & Jiang, X. (2012, February). Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (pp. 5-8).
描述	碩士國立政治大學資訊管理研究所 100356023 102
資料來源	http://thesis.lib.nccu.edu.tw/record/#G0100356023
資料類型	thesis

dc.contributor.advisor	郁方	zh_TW
dc.contributor.advisor	Yu, Fang	en_US
dc.contributor.author (Authors)	戴睿宸	zh_TW
dc.contributor.author (Authors)	Tai, Ruei Chen	en_US
dc.creator (作者)	戴睿宸	zh_TW
dc.creator (作者)	Tai, Ruei Chen	en_US
dc.date (日期)	2013	en_US
dc.date.accessioned	25-Aug-2014 15:15:42 (UTC+8)	-
dc.date.available	25-Aug-2014 15:15:42 (UTC+8)	-
dc.date.issued (上傳時間)	25-Aug-2014 15:15:42 (UTC+8)	-
dc.identifier (Other Identifiers)	G0100356023	en_US
dc.identifier.uri (URI)	http://nccur.lib.nccu.edu.tw/handle/140.119/69192	-
dc.description (描述)	碩士	zh_TW
dc.description (描述)	國立政治大學	zh_TW
dc.description (描述)	資訊管理研究所	zh_TW
dc.description (描述)	100356023	zh_TW
dc.description (描述)	102	zh_TW
dc.description.abstract (摘要)	本研究利用字串分析之方式對行動應用程式之執行檔進行靜態分析，進以偵測行動應用程式之行為。本研究計算行動應用程式所呼叫特定系統函式之序列，進一步比對特定可疑行為模式並判定行動應用程式是否包含其可疑行為，由於進行此研究需要考慮行動應用程式執行檔中每一個系統函式的呼叫，因此增加了大量的計算複雜度，故需要大量的運算資源來進行，為了提高運算的效率，本研究採用了Hadoop 作為分散式運算的平台來達成可延展的分析系統，進以達成分析大量行動應用程式的目的，透過建立特定的行為模式庫，本研究已分析了上千個現實使用的行動應用程式，並提供其含有潛在可疑行為的分析報告。	zh_TW
dc.description.abstract (摘要)	This work presents a syntax analysis on the executable files of iOS apps to characterize and detect suspicious behaviors performed by the apps. The main idea is counting the appearances of call sequences in the apps which are resolved via reassembling the executable binaries. Since counting the call sequences of the app needs to consider different combinations of every function calls in the app, which significantly increases the complexity of the computing, it takes abundant computing power to bring out our analysis on massive apps on the market, to improve the performance and the effectiveness of our analysis, this work adopted a distributed computing algorithm via Hadoop framework achieving a scalable static syntax analysis which is able to process huge amount of modern apps. We learn the malicious behaviors pattern through comparing the pairs of normal and abnormal app which are identical except on certain behaviors we inserted. By matching the patterns with the call sequences we collected from the public apps, we characterized the behaviors of apps and report the suspicious behaviors carried potential security threats in the apps.	en_US
dc.description.tableofcontents	Abstract i Contents iv List of figures v List of tables vi 1. Introduction 1 2. Literature review 6 2.1. Malicious behaviors of mobile apps 6 2.2. Detecting malicious behaviors within apps 7 2.3. Distributed computing 9 3. Static binary analysis 11 3.1. Extract and decrypt binary 12 3.2. Dump assemble file of binary 15 3.3. Distributed computation on call sequences 17 4. Malicious behavior detection 22 4.1. Malicious behaviors 22 4.2. Characterize Malicious Behaviors on Counting Call Sequences 25 4.3. Pattern inclusion 27 5. Implementation 29 6. Evaluation 33 7. Conclusion 38 References 40	zh_TW
dc.format.extent	2854964 bytes	-
dc.format.mimetype	application/pdf	-
dc.language.iso	en_US	-
dc.source.uri (資料來源)	http://thesis.lib.nccu.edu.tw/record/#G0100356023	en_US
dc.subject (關鍵詞)	呼叫序列	zh_TW
dc.subject (關鍵詞)	行動應用程式安全	zh_TW
dc.subject (關鍵詞)	字串分析	zh_TW
dc.subject (關鍵詞)	分散式運算	zh_TW
dc.subject (關鍵詞)	call sequence	en_US
dc.subject (關鍵詞)	mobile app security	en_US
dc.subject (關鍵詞)	syntax analysis	en_US
dc.subject (關鍵詞)	distributed computing	en_US
dc.title (題名)	行動應用程式的函式行為分析	zh_TW
dc.title (題名)	Distributed Call Sequence Counting on iOS Executable	en_US
dc.type (資料類型)	thesis	en
dc.relation.reference (參考文獻)	[1] 55% of Social Networking Consumption Occurs on A Mobile Device. (2013, February 27). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/interactive/55-of-social-networking-consumption-occurs-on-a-mobile-device-27327/. [2] Android Market Terms of Service. (2012, February 16). Android Market Terms of Service. Retrieved March 6, 2014, from http://www.google.com/mobile/android/market-tos.html. [3] Apache Hadoop. (n.d.). Apache Hadoop. Retrieved March 6, 2014, from http://hadoop.apache.org/ [4] Apple - Apple Customer Privacy Policy. (2013, August 1). Apple - Apple Customer Privacy Policy. Retrieved March 6, 2014, from http://www.apple.com/privacy/ [5] Apple App Store. (2013, October 22). Wikipedia. Retrieved March 6, 2014, from http://en.wikipedia.org/wiki/App_Store_(iOS)#cite_note-ios7-1. [6] Apple Approves, Pulls Flashlight App with Hidden Tethering Mode. (2010, July 21). Wired. Retrieved March 7, 2014, from http://www.wired.com/gadgetlab/2010/07/apple-approves-pulls-flashlight%2dapp-with-hidden-tethering-mode/. [7] Apple Developer. (n.d.). Xcode. Retrieved March 6, 2014, from http://developer.apple.com/xcode. [8] Apple Store. (2010, March 1). Apple Store. Retrieved March 6, 2014, from http://store.apple.com/Catalog/US/Images/ADC_terms.html [9] Babić, D., Reynaud, D., & Song, D. (2011, January). Malware analysis with tree automata inference. In Computer Aided Verification (pp. 116-131). Springer Berlin Heidelberg. [10] Cydia. (n.d.). Cydia. Retrieved March 6, 2014, from http://cydia.saurik.com/. [11] Dean, J., & Ghemawat, S. (2008). MapReduce: simplified data processing on large clusters. Communications of the ACM, 51(1), 107-113. [12] Egele, M., Kruegel, C., Kirda, E., & Vigna, G. (2011, February). PiOS: Detecting Privacy Leaks in iOS Applications. In NDSS. [13] Enck, W. H. (2011). Analysis techniques for mobile operating system security (Doctoral dissertation, The Pennsylvania State University). [14] Enck, W. (2011). Defending users against smartphone apps: Techniques and future directions. In Information Systems Security (pp. 49-70). Springer Berlin Heidelberg. [15] Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. (2010, October). TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In OSDI (Vol. 10, pp. 1-6). [16] Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011, August). A Study of Android Application Security. In USENIX Security Symposium. [17] Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011, October). A survey of mobile malware in the wild. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 3-14). ACM. [18] Gilbert, P., Chun, B. G., Cox, L. P., & Jung, J. (2011, June). Vision: automated security validation of mobile apps at app markets. In Proceedings of the second international workshop on Mobile cloud computing and services (pp. 21-26). ACM. [19] IDA. (n.d.). IDA. Retrieved March 6, 2014, from https://www.hex-rays.com/products/ida/support/tutorials/index.shtml. [20] Jones, C. (2013, December 11). Apple`s App Store About To Hit 1 Million Apps. Forbes. Retrieved March 6, 2014, from http://www.forbes.com/sites/chuckjones/2013/12/11/apples-app-store-about-to-hit-1-million-apps/. [21] List of countries by number of mobile phones in use. (2014, May 3). Wikipedia. Retrieved March 6, 2014, from http://en.wikipedia.org/wiki/List_of_countries_by_number_of_mobile_phones_in_use [22] Mac Developer Library. (2013, April 25). Mac Developer Library. Retrieved March 6, 2014, from http://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/ProgrammingWithObjectiveC/Introduction/Introduction.html. [23] Mann, C., & Starostin, A. (2012, March). A framework for static detection of privacy leaks in android applications. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (pp. 1457-1462). ACM. [24] Media Consumption Estimates: Mobile > PC; Digital > TV. (2013, August 5). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/television/media-consumption-estimates-mobile-pc-digital-tv-35626/ [25] More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC - prUS24085413. (2013, April 25). More Smartphones Were Shipped in Q1 2013 Than Feature Phones, An Industry First According to IDC - prUS24085413. Retrieved March 6, 2014, from http://www.idc.com/getdoc.jsp?containerId=prUS24085413. [26] NEWSBYTES.PH \| Philippine smartphone adoption rate at 15%. (2013, September 18). Infotek News InterAksyoncom. Retrieved March 6, 2014, from http://www.interaksyon.com/infotech/newsbytes-ph-philippine-smartphone-adoption-rate-at-15. [27] Newsroom. (2013, August 14). Gartner Says Smartphone Sales Grew 46.5 Percent in Second Quarter of 2013 and Exceeded Feature Phone Sales for First Time. Retrieved March 6, 2014, from http://www.gartner.com/newsroom/id/2573415. [28] Newswire . (2013, December 16). Consumer Electronics Ownership Blasts Off in 201. Retrieved March 6, 2014, from http://www.nielsen.com/us/en/newswire/2013/consumer-electronics-ownership-blasts-off-in-2013.html. [29] Newswire . (2013, June 6). Mobile Majority: U.S. Smartphone Ownership Tops 60%. Retrieved March 6, 2014, from http://www.nielsen.com/us/en/newswire/2013/mobile-majority--u-s--smartphone-ownership-tops-60-.html. [30] Objective-C. (2014, May 3). Wikipedia. Retrieved March 6, 2014, from https://en.wikipedia.org/wiki/Objective-C. [31] PC Users Increasingly Turning to Smart Devices for Web Browsing, Facebook Access. (2013, February 11). MarketingCharts. Retrieved March 6, 2014, from http://www.marketingcharts.com/wp/interactive/pc-users-increasingly-turning-to-smart-devices-for-web-browsing-facebook-access-26881/. [32] Realtime Privacy Monitoring on Smartphones. (n.d.). TaintDroid:. Retrieved March 6, 2014, from http://appanalysis.org/ [33] Szydlowski, M., Egele, M., Kruegel, C., & Vigna, G. (2012). Challenges for dynamic analysis of iOS applications. In Open Problems in Network Security (pp. 65-77). Springer Berlin Heidelberg. [34] Tablet Shipments Forecast to Top Total PC Shipments in the Fourth Quarter of 2013 and Annually by 2015, According to IDC - prUS24314413. (2013, September 11). Tablet Shipments Forecast to Top Total PC Shipments in the Fourth Quarter of 2013 and Annually by 2015, According to IDC - prUS24314413. Retrieved March 6, 2014, from http://www.idc.com/getdoc.jsp?containerId=prUS24314413. [35] TERMS AND CONDITIONS. (2011, October 12). iTUNES STORE -. Retrieved March 6, 2014, from http://www.apple.com/legal/itunes/us/terms.html#APPS. [36] The Four-Year Anniversary of the Apple App Store. (2013, April 17). DISTIMO. Retrieved March 7, 2014, from http://www.distimo.com/publications/archive/Distimo%20Publication%20-%20July%202012.pdf. [37] The NPD Group. (2013, February 7). 37 Percent of PC Users Migrate Activities to Mobile Devices. Retrieved March 6, 2014, from https://www.npd.com/wps/portal/npd/us/news/press-releases/37-percent-of-pc-users-migrate-activities-to-mobile-devices-according-to-the-npd-group/. [38] Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., ... & Wang, X. (2011, May). Privacy revelations for web and mobile apps. In Proceedings of the 13th USENIX conference on Hot topics in operating systems (pp. 21-21). USENIX Association. [39] Zhou, Y., Wang, Z., Zhou, W., & Jiang, X. (2012, February). Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (pp. 5-8).	zh_TW

學術產出-Theses

Article View/Open

Publication Export

Google ScholarTM

政大圖書館

Citation Infomation

Google Scholar^TM