Detecting Mobile Application Malicious Behavior Based on Taint Propagation

Bibliographic Details
Main Authors: Je-Ming Lin, 林哲銘
Other Authors: Chia-Mai Chen
Format: Others
Language: zh-TW
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/25520558634711130519
Description
Summary: Master's === National Sun Yat-sen University === Graduate Institute of Information Management === 101 === When detecting malicious applications on mobile devices, the main current approach is dynamic analysis, since it can directly determine whether the behavior of a mobile application is malicious. However, this approach raises the issue of whether dynamic analysis can successfully trigger the malicious behaviors. On the other hand, static analysis of mobile applications mainly uses fragmented characteristics to identify malicious behaviors, which is not a macro-level, complete method for analyzing the source code of mobile applications. Among mobile platforms, Android is the one most attacked by malicious applications. Because, compared with other platforms, Android applications retain their complete information after reverse engineering, in this paper we present an analysis method based on the data flow of the reverse-engineered source code of the application. Our method not only overcomes the issue of triggering malicious behaviors during analysis but also successfully identifies the behaviors of applications from their source code. Our method improves on previous research on detecting malicious Android applications by tracking the data flow of the applications' source code. We use taint propagation to track the data flow. In this work, we derive malicious behavior patterns from known malware families. After tracking the data flow, we match it against the malicious behavior patterns and report the result. In the evaluation, we analyzed 252 malicious apps from 19 families and 50 free apps from Google Play. The results proved that our method can successfully detect malicious behaviors of Android apps, with a true positive rate (TPR) of 91%.