A Solution to Protect Your Android from Sending Unknown SMS Messages

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：7

、訪客IP：18.188.20.56

姓名

廖緯玲(Wei-Ling Liao) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(A Solution to Protect Your Android from Sending Unknown SMS Messages)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

由於Android對於敏感應用程式介面 (Application Programming Interface, API)是用權限機制來做管理與限制，所以這些惡意軟體想要存取這些敏感API的話，只要在 AndroidManiflest.XML 檔案當中揭露它所需要的權限，就可以一直使用，直到它被解除安裝為止，也因此SMS malware可以利用這種機制，在使用者不知道的情況下，擅自寄送簡訊，造成使用者財務損失。
在本篇論文中，我們藉由分析SMS malware發送SMS簡訊的行為，設計出防止SMS簡訊被濫發的機制 ─ Taurus，以解決目前SMS malware的問題。Taurus以動態監控的方式，透過記錄使用者輸入的內容與即將要發送出去的SMS簡訊內容和接收方的電話號碼做比對，來確認SMS簡訊是否使用者發送。若兩者比對不成功，則Taurus會向使用者發出通知訊息，讓使用者確認是否要發送此SMS簡訊，一旦曾經被拒絕發送的應用程式和簡訊又再次重新發送，Taurus就會判定其為惡意行為並中止其執行，阻止SMS malware發送簡訊。

摘要(英)

Android uses permission mechanism to protect sensitive Application Programming Interface (API) and private data. Malicious app can access these sensitive APIs and private data as long as it declares the permissions that it needs in AndroidManifest.xml until it is removed from Android device. Therefore SMS malware can steal money from victims’ mobile accounts by sending SMS messages without victim awareness.
In this paper, we designed a mechanism named Taurus, to prevent SMS malware sending SMS messages automatically. Taurus monitors the outgoing SMS message and compares the recorded user input with the SMS message to confirm whether they are being sent by the user or not. If two comparing contents are different, Taurus will notify user for confirmation before sending the SMS message. If there is other attempts of sending the rejected message, Taurus will determine it to be malicious behavior and terminate the execution of the app.

關鍵字(中)

★ SMS木馬
★ SMS惡意軟體

關鍵字(英)

★ SMS Trojans
★ SMS malware
★ Android Security
★ mobile Security
★ SEND_SMS

論文目次

摘要 i
Abstract ii
致謝辭 iii
目錄 iv
圖目錄 vi
表目錄 vii
第一章緒論 1
1.1 背景與目的 1
1.2 方法概述 2
1.3 章節架構 3
第二章背景知識 4
2.1 Android架構簡介 4
2.2 應用程式架構層介紹 6
2.3 Android平台開發工具 7
2.4 SMS Malware的種類與特性 8
2.4.1 SMS Trojans 9
2.4.2 SMS Spam Botnet 11
2.4.3 Android.Pincer.2.origin 12
2.4.4 SMS Malware的特性 13
第三章相關研究 15
3.1 增加Android平台安全的機制 15
3.2 惡意應用程式偵測 16
3.3 耗電量評估 17
第四章 Taurus系統設計與實作 18
4.1 Taurus系統架構 18
4.1.1 增加Taurus服務和Taurus app 18
4.1.2 取得使用者輸入內容 19
4.1.3 比對簡訊內容與接收方的電話號碼 20
4.1.4 白名單與黑名單 24
4.2 Taurus資料 24
4.3 Taurus Component說明 25
4.3.1 Input Component 25
4.3.2 Write Component 26
4.3.3 Monitor Component 26
4.3.4 Service Component 26
4.3.5 Alert Component 26
4.3.6 SQLite 27
4.4 Taurus流程 27
4.5 Taurus限制 28
第五章實驗分析 30
5.1 測試樣本簡介 30
5.2 Effectiveness測試 32
5.3 記憶體用量測試 35
第六章結論 38
6.1 結論 38
6.2 未來工作 38
參考文獻 40

參考文獻

[1]Malik Saadi, "Press release: China is largest single Android market with the US in second place", http://blogs.informatandm.com/6771/press-release-china-is-largest-single-android
-market-with-the-us-in-second-place/, December 18, 2012.
[2]趙郁竹, "趨勢科技：Android惡意App數量今年將達140萬", http://www.bnext.com.tw/
article/view/cid/0/id/26045, January 8, 2013
[3]Bob Greene, "38 years ago he made the first cell phone call", http://edition.cnn.com/
2011/OPINION/04/01/greene.first.cellphone.call/index.html, April 3, 2011.
[4]陳興忠, "行動裝置病毒的威脅與對策探討", http://newsletter.certcc.org.tw/epaper/2011
10/report3_1.html, October 5, 2011.
[5]Open Handset Alliance, http://www.openhandsetalliance.com/, Accessed：July 2013.
[6]Google Play, https://play.google.com/store, Accessed：July 2013.
[7]Android SDK Tools, http://developer.android.com/tools/sdk/tools-notes.html, Accessed：July 2013.
[8]Using DDMS, http://developer.android.com/tools/debugging/ddms.html, Accessed：July 2013
[9]Tools Help, http://developer.android.com/tools/help/index.html, Accessed：July 2013.
[10]Ken Presti, "Kaspersky: SMS Trojans Account For Over Half Of Smartphone Malware", http://www.crn.com/news/security/240012810/kaspersky-sms-trojans-account-for-over-half-of-smartphone-malware.htm, February 2012.
[11]Pablo Ramos, "Don’t pay high phone bills: SMS Trojans can trick you via premium-rate numbers", http://www.welivesecurity.com/2012/11/29/android-sms-trojan-
tricks-you-into-premium-rate-calls/, November 29, 2012.
[12]Shane McGlaun, "500,000 Android users in China infected with SMSZombie", http://www.slashgear.com/500000-android-users-in-china-infected-with-smszombie-20243293/, August 20, 2012.
[13]TrustGo Security Labs, "New Virus SMSZombie.A Discovered by TrustGo Security Labs", http://blog.trustgo.com/SMSZombie/, August 15, 2012.
[14]Andrew Conway, "Android Trojan Used To Create Simple SMS Spam Botnet", http://blog.cloudmark.com/2012/12/16/android-trojan-used-to-create-simple-sms-spam-botnet/, December 16, 2012.
[15]Pikspam: An SMS Spam Botnet, http://www.symantec.com/connect/blogs/pikspam-
sms-spam-botnet, December 20, 2012.
[16]New Trojan steals short messages, http://news.drweb.com/show/?i=3549&lng=en, May 22, 2013.
[17]Yi-Fan Chung, "Android System Service/API 實作", http://android-yfchung.blogspot.tw
/2012/05/android-system-serviceapi.html, Accessed：July 2013.
[18]Android-Adding SystemService, http://processors.wiki.ti.com/index.php/Android-Adding
_SystemService, July 25, 2012.
[19]InputMethodManager, http://developer.android.com/reference/android/view/inputmethod
/InputMethodManager.html, Accessed：July 2013.
[20]InputConnection, http://developer.android.com/reference/android/view/inputmethod/
InputConnection.html, Accessed：July 2013.
[21]BaseInputConnection, http://developer.android.com/reference/android/view/inputmethod/
BaseInputConnection.html, Accessed：July 2013.
[22]InputConnectionWrapper, http://developer.android.com/reference/android/view/inputme
thod/InputConnectionWrapper.html, Accessed：July 2013.
[23]SmsManager, http://developer.android.com/reference/android/telephony/gsm/
SmsManager.html, Accessed：July 2013.
[24]Protocol data unit, http://en.wikipedia.org/wiki/Protocol_data_unit, June 14, 2013.
[25]contagio mobile, http://contagiominidump.blogspot.tw/, Accessed：July 2013.
[26]高階加密標準, https://zh.wikipedia.org/wiki/%E9%AB%98%E7%BA%A7%
E5%8A%A0%E5%AF%86%E6%A0%87%E5%87%86, May 11, 2013.
[27]Denis, "SMS Trojans: all around the world", http://www.securelist.com/en/blog/2081
93261/SMS_Trojans_all_around_the_world, November 25, 2011
[28]JC Torpey, "How SMS Trojan Infects and Hides in Android Smartphones", http://news.yahoo.com/sms-trojan-infects-hides-android-smartphones-222000386.html, November 28, 2011.
[29]Xuxian Jiang, "Security Alert: New Android Malware HippoSMS Found in Alternative Android Markets", http://www.csc.ncsu.edu/faculty/jiang/HippoSMS/, July 11, 2011.
[30]First SMS Trojan detected for smartphones running Android, http://www.kaspersky.com
/news?id=207576158, August 9, 2010.
[31]安天實驗室, Trojan/Android.Raden.a[SMS]分析報告, http://www.antiy.com/cn/
security/2011/trojan_android_raden_a.htm, May 16, 2011.
[32]Tim Strazzere, GGTrackerTechnical Tear Down, https://blog.lookout.com/wp-content
/uploads/2011/06/GGTracker-Teardown_Lookout-Mobile-Security.pdf, June 20, 2011.
[33]沈經, Android新惡意軟體：GGTracker擅自幫你訂閱昂貴服務, http://www.ithome.
com.tw/itadm/article.php?c=68312, June 23, 2011
[34]Tim Strazzere, "Security Alert: Zsone Trojan found in Android Market", https://blog.lookout.com/blog/2011/05/11/security-alert-zsone-trojan-found-in-android-market, May 11, 2011.
[35]hprof-conv, http://developer.android.com/tools/help/hprof-conv.html, Accessed：July 2013.
[36]Memory Analyzer (MAT), http://www.eclipse.org/mat/, Accessed：July 2013.
[37]Xu, Rubin, Hassen Saïdi, and Ross Anderson. "Aurasium: Practical policy enforcement for android applications." Proceedings of the 21st USENIX Security Symposium. 2012.
[38]William Enck, Peter Gilbert, Byung-Gon Chun. "TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones." Proceedings of the 9th USENIX conference on Operating systems design and implementation. 2010.
[39]Asaf Shabtai, Uri Kanonov, Uuval Elovici. "“Andromaly”: a behavioral malware detection framework for android devices." Journal of Intelligent Information Systems 38.1 2012. pp. 161-190.
[40]Jarabek, Chris, David Barrera, and John Aycock. "ThinAV: truly lightweight mobile cloud-based anti-malware." Proceedings of the 28th Annual Computer Security Applications Conference. ACM, 2012.
[41]Jerry Cheng, Startsky H.Y. Wong, Hao Yang, songwu Lu. "Smartsiren: virus detection and alert for smartphones."Proceedings of the 5th international conference on Mobile systems, applications and services. ACM, 2007.
[42]Yajin Zhou, Zhi Wang, Wu Zhou, Xuxian Jiang. "Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets." Proceedings of the 19th Annual Network and Distributed System Security Symposium. 2012.
[43]Elminaam, Diaa Salama Abd, Hatem Mohamed Abdual-Kader, and Mohiy Mohamed Hadhoud. "Evaluating The Performance of Symmetric Encryption Algorithms." IJ Network Security 10.3 2010. pp. 216-222.
[44]韓超, 梁泉, 深入淺出Android系統原理及開發要點, 博碩文化, 2010
[45]蓋索林(gasoline), google Android 3 手機應用程式設計入門, 松崗, 2011
[46]Reto Meier, 鍾政欣譯, Android 2.X應用程式開發經典, 碁峰, 2011
[47]李寧, 王者歸來Android開發權威指南, 佳魁資訊, 2011
[48]Marko Gargenta, 邵子卿洪沛然何旅良譯, Android學習手冊, O’Reilly, 2011
[49] Pansi SMS, https://play.google.com/store/apps/details?id=com.pansi.msg, Accessed：July 2013.
[50] Handcent SMS, https://play.google.com/store/apps/details?id=com.handcent.nextsms
&hl=zh_TW, Accessed：July 2013.
[51] chomp SMS, https://play.google.com/store/apps/details?id=com.p1.chompsms&hl=zh_
TW, Accessed：July 2013.
[52] Lango Messaging, https://play.google.com/store/apps/details?id=com.zlango.zms&hl=
zh_TW, Accessed：July 2013.
[53] GO SMS Pro, https://play.google.com/store/apps/details?id=com.jb.gosms, Accessed：July 2013.

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2013-7-24

推文