利用權限過濾器及靜態分析之Android惡意軟體偵測

Abstract

Android系統以開放的開發環境在近幾年來快速的發展。越來越多人使用Android系統的手持產品。現在智慧型手機的功能越來越全面，例如:網路銀行、NFC、GPS等，都使得攻擊者有更多攻擊的模式。因為在Google Market上傳應用程式沒有限制所以惡意軟體的數量也隨之增加。 由於手機的效能還比不上電腦，若使用靜態分析的話對手機來講是一個負擔。所以這篇論文提出使用Android應用程式的權限先判斷應用程式，以減少使用靜態分析的頻率，若判斷結果是可疑的應用程式，再以靜態分析來偵測。

Android operation system has advanced rapidly through open develop environment in recently years. More and more people use Android operation system’s mobile devices. The functionality of smartphone has became more comprehensive, ex: cyberbank, NFC, GPS, so that attacker has more different ways to attack the end user. Due to the unrestricted access of uploading application to Google Market, there is a noticeable increase in the number of Malware. A cell phone has limited capacity comparing to a computer; as a result, the usage of a static analysis may overload a cell phone device. This thesis suggests an approach to efficient detection of malwares: the first part of detection involves catching malicious applications by inspecting the applicants’ permissions, which reduces the need for a static analysis; a further static analysis is only needed if any application is identified as being suspicious.