Title: An Android Machine Learning Based Malware Detection System by Measuring Interaction between User and Critical API
Author: 蔡旻翮
曾文貴
Tsai, Min-Ho
Tzeng, Wen-Guey
Institute of Computer Science and Engineering
Keywords: Android; Malware Detection; Machine Learning; Static Analysis
Publication date: 2017
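Abstract: As smartphones become widespread and convenient, people's daily lives depend on them more and more. However, once a user carelessly installs a malicious app or Trojan, the attacker has the opportunity to steal data from the phone, leaking the user's private information. To avoid being noticed by the user, such malicious behavior usually runs quietly in the background, which clearly departs from the principle that Android applications serve the user. To detect this kind of behavior that the user did not intend, this thesis builds a system that evaluates the degree of interaction between an application and the user and assigns each application a confidence score. The score reflects whether the application's calls to critical functions are triggered by user actions, and whether the user receives feedback from those critical functions. Through experiments, this thesis confirms that the confidence scores of malicious programs differ considerably from those of benign applications, and infers that the behavior of malicious programs is almost unrelated to the user's intent. Combined with the permissions declared by the application, the system detects malware with an accuracy of 97.05% and can effectively identify malicious applications.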
Nowadays, smartphones provide more powerful functions to users and have become a ubiquitous source of private and confidential data. Because users are free to install any app on Android, if a user carelessly installs an unauthorized malicious app from the internet, the app may leak private data such as location information, contact data, pictures, SMS messages, etc. to the attacker. Smartphone apps are unique in their user-centered and interaction-intensive design, but malicious behaviors usually execute in the background without the user's knowledge. In this paper, we propose a system that measures the interaction between the user and the application by finding data dependence from the user to a sensitive API or from a sensitive API to the screen. Our classifier then treats this feature as one of its attributes and applies machine learning to recognize malware.
URI: http://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT070356035
http://hdl.handle.net/11536/140424
Appears in Collections: Thesis