以動態使用者意圖分析偵測Android惡意程式

Abstract

資料洩漏在Android上愈來愈嚴重，隨著Android平台上惡意程式的滋長，保護使用者的資料變得愈來愈難。一個惡意程式再Android上很容易取得使用者的資料，所以對於想要偷資料的開發者而言，只要寫個Android上的程式就可以透過Android框架獲得使用者隱私資訊。對於使用者而言，他很難知道Android上的程式是否依照他的意願使用他的隱私資料。這篇論文提供另外一個自動偵測惡意程式的方法。我們透過動態分析觀察使用者和程式的互動情形來判斷受測程式是否為惡意程式。最後，我們分析使用我們的方法，在一般程式和惡意程式的集合裡面，分別可以有多少的準確度，以及這個方法本身的限制。

Data leakage problem of Android apps is becoming more and more severe. Due to the enlarging Android ecology and the emerging of booming of various bytes of Android malwares, it is hard to keep user’s important data safe. For a malware, to steal important data from user is easy. The attacker can write an app and retrieve the user or device information from Android framework. Users with these apps installed is hard to know whether the application is using his or her data in an authorized way. In this paper, we provide a methodology to analyze out-going data with the observation of user-application interactions. With observation, we can get some information about the behavior of the app. Then we identify whether the app is benign or malicious by judging if an app is treating user’s data in a proper way. In brief, we want to tell if an app is treating user’s data in a right way by judging how the user interacts with the app. In the end, we show how this method performs by testing a numbers of applications, which are classified into two sets, normal set and malicious set respectively. With the evaluation of our method, we illustrate the performance of our system and its limitation.