以汙染傳遞為基礎之行動軟體威脅行為偵測

Detecting Mobile Application Malicious Behavior Based on Taint Propagation

隨著科技的進步，各企業組織提供客戶與員工無所不在的運算，線上服務也增加行動版，以提升競爭力與效率。為了方便使用與隨時連線，個人資料也因此儲存於行動裝置中，造成隱私資料洩漏之風險。動態分析需要隔離環境做分析，且分析時間較久，分析速度可能無法趕上惡意程式成長速度。此外，在分析過程中是否能成功觸發惡意行為，一直是動態分析的難題。本研究以靜態分析方式，以汙染傳播法追蹤程式碼資料流，利用惡意程式家族中歸納出威脅模式，再將追蹤之資料流與威脅模式進行比對，並回報符合之資料傳遞行為。實驗資料乃採用19個行動惡意程式家族進行測試。實驗結果證明本研究可以有效的偵測Android APP的惡意程式，正確率高達91.6%。

Businesses provide mobile applications for ubiquitous computing. Personal information often is stored in mobile devices for convenience, which implies a potential information leakage risk for users as well. Dynamic analysis requires a controlled environment to observe the execution behaviors and it is time-consuming and computational intensive work. Some malicious behaviors are triggered in certain conditions or input sequences, which makes the detection more challenging. In this study, static analysis based detection method is proposed and defines threat patterns based on the literature review and malware families. The proposed taint propagation algorithm tracks the sensitive data flows and the detection system verifies if the sensitive information is released by the target software. The experiment adopted 19 mobile malware families and the results indicated that the proposed detection method can detect malicious behaviors efficiently with the true positive rate of 91/6%.