
Function Behavior Analysis of Mobile Applications / Distributed Call Sequence Counting on iOS Executable

This study performs static analysis on the executables of mobile applications by means of string analysis in order to detect application behavior. It counts the sequences of specific system functions called by a mobile application, then matches them against specific suspicious behavior patterns to determine whether the application contains those suspicious behaviors. Because this requires considering every system function call in the application's executable, the computational complexity increases greatly and substantial computing resources are needed. To improve computational efficiency, this study adopts Hadoop as the distributed computing platform to achieve a scalable analysis system and thereby analyze large numbers of mobile applications. By building a library of specific behavior patterns, this study has analyzed more than a thousand real-world mobile applications and provides analysis reports on the potentially suspicious behaviors they contain. / This work presents a syntax analysis of the executable files of iOS apps to characterize and detect suspicious behaviors performed by the apps. The main idea is to count the appearances of call sequences in the apps, which are resolved by reassembling the executable binaries. Counting the call sequences of an app requires considering different combinations of every function call in the app, which significantly increases the computational complexity, so carrying out the analysis on the massive number of apps on the market takes abundant computing power. To improve the performance and effectiveness of the analysis, this work adopts a distributed computing algorithm on the Hadoop framework, achieving a scalable static syntax analysis that is able to process a huge number of modern apps. We learn malicious behavior patterns by comparing pairs of normal and abnormal apps that are identical except for certain behaviors we inserted. By matching the patterns against the call sequences we collected from public apps, we characterize the behaviors of the apps and report the suspicious behaviors that carry potential security threats.

Identifier: oai:union.ndltd.org:CHENGCHI/G0100356023
Creators: 戴睿宸, Tai, Ruei Chen
Publisher: 國立政治大學
Source Sets: National Chengchi University Libraries
Language: English
Detected Language: English
Type: text
Rights: Copyright © nccu library on behalf of the copyright holders
