Android上的隱私資料洩漏偵測

Abstract

近年來智慧型手機、平板電腦科技蓬勃發展，擁有強大的功能，也讓這些移動裝置成為新的攻擊目標。其中最常見的攻擊是資料竊取與外流。本文提出LeakDet，一個可安裝在Android行動裝置上，可偵測隱私資料洩漏的系統。LeakDet能夠偵測封包內是否含有隱私資料，並且阻擋該封包流向的IP。我們將最新版的入侵偵測系統(IDS)軟體Snort移植到Android手機上，並搭配Snortsam以及Linux Kernel內建的防火牆Iptables來達到入侵防禦系統(IPS)的功能。我們設計了一個Android應用程式名為PrivacyGuardian。PrivacyGuardian提供了操作介面，讓使用者能操作IPS以及自定義個人隱私資料。實驗部分，我們模擬實際的殭屍網路攻擊情境來竊取資料，證明了LeakDet能成功偵測攻擊封包並且阻擋該攻擊IP。同時也對LeakDet在手機上的資源消耗量做了測試。

In recent years, mobile devices such as smartphone and tablet have become the target of attacks because of their powerful functions. To defense the data stealing attack, we propose LeakDet. LeakDet is a system that installed on a mobile device for detecting the leakage of private data. LeakDet can check if the packet contains private data and block the destination IP of that packet. We port the newest version of Snort, an Intrusion Detect System(IDS), on Android. We integrate Snort, Snortsam and the build-in firewall in Linux kernel, Iptables, to implement an intrusion prevention system (IPS). We also design an Android application called PrivacyGuardian for user to control the IPS and define his own private data. Last, we take an experiment to test the functionality of PrivacyGuardian by simulating the botnet attack environment. The experimental result shows that LeakDet can detect the packet which leaks private data and prevent the following attack by blocking the attacker’s IP