English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42119186      線上人數 : 1294
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/74812


    題名: 去可識別個人資訊後之 Android惡意程式動態分析研究;Dynamic Android Malware Analysis with de-identification of personal identifiable information
    作者: 胡哲君;HU, CHE-CHUN
    貢獻者: 資訊管理學系
    關鍵詞: 動態分析;Android;惡意程式分類;網路封包;去識別化;Dynamic analysis;malware classification;network packets;system call;de-identification
    日期: 2017-08-08
    上傳時間: 2017-10-27 14:40:31 (UTC+8)
    出版者: 國立中央大學
    摘要: 近年來,智慧型手機因為普及和承載更多個人資訊而成為駭客的目標。安全防護工具會蒐集手機內大量資訊,當資訊上傳雲端平台進行惡意程式分析時,可能造成使用者隱私洩漏。本研究針對Android平台的間諜軟體、殭屍網路、勒索軟體三類惡意程式,提出ShadowDroid系統,採用動態分析技術。在手機端蒐集分析所需資料時,在手機上建立VPN截取所有網路流量,並透過字串比對方法從中找出隱私資訊,接著將其去識別化,確保上傳的分析資料不包含任何隱私資料。
    目前許多惡意程式分類相關研究是將惡意程式分類到家族,但惡意家族是惡意程式作者為了規避檢測或加強功能而不斷使惡意程式演化變種,惡意家族並不代表某一行為特徵。本研究將惡意程式依其行為分類為木馬、勒索軟體等。以方便使用者針對該特徵尋找合適對策,同前分類是根據某一種行為特徵所定義,而某些惡意程式可能混合多種惡意種類行為,例如Xbot包含網路釣魚、加密勒索等惡意行為,因此本研究將手機端上傳的資料和各類別的標準特徵集合進行相似度計算,其中分析所用的特徵不需要任何隱私資料,我們的分析結果可顯示其與各惡意類別的相似度,由此判斷該惡意程式可能包含哪些惡意行為。經實驗證實,本研究在沒有隱私洩漏的情況下,以相似度最高為分類結果,良性程式及三種類惡意程式的分類結果有90%準確度,只略低於惡意家族分類的92%準確度。;In recent years, smart phones become the target of hackers, because of the popularity and the store of more personal information. Information security tools will collect a lot of information from user′s smart phone and may cause privacy information leakage when it uploads to cloud server for malware analysis. In order to protect user′s privacy information, information security tools need to remove the privacy information from uploading data. Our study aims for spyware, botware, ransomware these three kinds of malware on the Android platform. And proposed a dynamic malware classification system, named ShadowDroid. ShadowDroid will establish a VPN to intercept all network packets to the phone. ShadowDroid collecting all network packets that be detected app and use string matching method to find the privacy information, then de-Identify it to make sure that the uploaded classify data doesn′t contain any personal identifiable information.
    At present, malware classification research is classified malware in the malicious family. But the malicious family is malware continue to make the evolution, in order to circumvent the detection or enhance the function. This research will be classified malware, according to their behavioral feature, like ransomware, botware, spyware. To facilitate the user to find suitable measures for the behavior feature. Our classification is based on a certain behavioral feature of the definition. And some malware may be mixed with a malicious behavior of variety malicious types. For example, Xbot contains malicious behavior, such as phishing, and encrypt file to extortion. Therefore, this research will calculate the similarity between the data uploaded from the user′s mobile and the standard feature set of each category. And the classification features do not need any privacy information. Our classification results can be shown similarities between its with each malicious category, thus judging the malicious program may contain malicious behavior. The results show that the classification of the benign app and the three categories of malware is 90% accurate, which is only slightly lower than the 92% accuracy of the malicious family classification.
    顯示於類別:[資訊管理研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML441檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明