摘要(中) |
手機隨著科技的發展,功能越來越多,運算處理能力也越強,讓手機躍身一變為智慧型的行動裝置。而今日加上行動網路的盛行,使得智慧型手機在生活中扮演舉足輕重的角色,裝置內存有使用者的語音通聯、簡訊、電子商務、個人隱私等資訊,在在顯示其重要性。
正因為如此 有心人士透過惡意程式或應用程式漏洞來竊取智慧型手機內機,敏資訊或個人隱私,也與日俱增,所以對於智慧型手機安全的議題,一直為大眾關注焦點,亦是本論文探討重點,尤以目前市面上佔有率最高的 Andorid 系統為主要研究目標,設計一個自動化 Android 惡意程式檢測帄台,並在手機上開發安全分析模組,及結合 SDN 提供簡易的安全防護機制,避免因 Android 惡意程式,造成手機內相關重要機敏資訊外洩或遭有心人士竊取。 |
參考文獻 |
參考文獻
[1]IDC。2015年10月3日取自http://www.idc.com/prodserv/smartphone-market-share.jsp
[2]Arxan:State of Mobile App Security. https://www.arxan.com/wp-content/uploads/assets1/pdf/State_of_Mobile_App_Security_2014_final.pdf
[3]“OWASP Mobile Security Project,” https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
[4]“Top Ten Smartphone Risks — ENISA,” https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-applications/smartphone-security-1/top-ten-risks
[5]“Smartphones: Information security risks, opportunities and recommendations for users,” ENISA, Heraklion, Greece, Dec. 2010.
[6]“NetSafe Smartphone Security Report 2014,” http://smartphones.netsafe.org.nz/Smartphone-Security-Report-2014.pdf
[7]許博學,探討Android系統安全機制,正修學報,卷 26,頁 75-84,Oct.2013。
[8]Android Security Team, “Android Security Overview, ” Dec. 2011.
[9]Lockheimer, H., “Android and Security, ” Feb. 2012, http://googlemobile.blogspot.com/2012/02/android-and-security.html
[10]W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification[C]. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), Chicago, Illinois, USA, November 9-13, 2009, 235-245.
[11]Wei Tang, Guang Jin, Jiaming He, Xianliang Jiang, “Extending Android Security Enforcement with A Security Distance Model,” in IEEE International Conference on iTAP, Aug. 2011.
[12]Cesare, Silvio, Yang Xiang, “Malware Varant Detection Using Similarity Search over Sets of Control Flow Graphs,” in IEEE International Conference on TrustCom, Nov. 2011.
[13]Iker Burguera, Urko Zurutuza, Simin Nadjm-Tehrani, “Crowdroid: behavior-based malware detection system for Android”, SPSM, p 15-26, New York, USA, 2011.
[14]A. Schmidt, H. Schmidt, J. Clausen, K. Ali, O. Kiraz, A. Camtepe and S. Albayrak. Enhancing security of Linux-based Android devices[C]. In Proceedings of the 15th International Linux System Technology Conference, Hamburg, Germany, October 7-10, 2008, 174-189.
[15]A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, Y. Weiss. “Andromaly”: a behavioral malware detection framework for Android devices[J]. Journal of Intelligent Information Systems. 2012, 38(1): 161-190.
[16]W. Enck, and P. Gilbert. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones[C]. In Proceedings of USENIX Symposium on Operating Systems Design and Implementation (OSDI), Berkeley, California, USA, 2010, 24-38.
[17]A. Bose and K. Shin. Proactive security for mobile messaging networks[C]. In Proceedings of the 5th ACM workshop on Wireless security (WiSe), Los Angeles, California, USA, September 29, 2006, 95-104.
[18]蔡立倫,“整合靜態分析及動態分析結果作為機器學習標準的Android惡意程式偵測系統”,國立交通大學,碩士論文,民國103年9月。
[19]Android Developers https://developer.android.com/reference/android/Manifest.permission.html
[20]謝維揚,“MalCatcher:以存取以及網路洩漏隱私資料行為為基礎的Android上惡意程式行為偵測”,國立交通大學,碩士論文,民國102年6月。
[21]ARFF格式解釋,http://www.cs.waikato.ac.nz/ml/weka/arff.htm
[22]K. Greene, "Software-defined networking," Technology review – the 10 emerging technologies of 2009, March 2009.
[23]Software-Defined Networking (SDN) Definition.https://www.opennetworking.org/sdn-resources/sdn-definition
[24]OpenFlow:OpenFlow Switch Specification Version 1.3.1September 6, 2012.
[25]Snort。http://www.snort.org/ |