英文摘要 |
Businesses provide mobile applications for ubiquitous computing. Personal information often is stored in mobile devices for convenience, which implies a potential information leakage risk for users as well. Dynamic analysis requires a controlled environment to observe the execution behaviors and it is time-consuming and computational intensive work. Some malicious behaviors are triggered in certain conditions or input sequences, which makes the detection more challenging. In this study, static analysis based detection method is proposed and defines threat patterns based on the literature review and malware families. The proposed taint propagation algorithm tracks the sensitive data flows and the detection system verifies if the sensitive information is released by the target software. The experiment adopted 19 mobile malware families and the results indicated that the proposed detection method can detect malicious behaviors efficiently with the true positive rate of 91/6%. |