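Author (Chinese): 曾敏綺
Author (English): Tseng, Min-Chi
Thesis title (Chinese): 一個動態分析加密勒索軟體保護Android平台使用者資料之方法
Thesis title (English): A Dynamic Analysis Method Protecting User Data from Ransomware on Android Platform
Advisor (Chinese): 孫宏民
Advisor (English): Sun, Hung-Min
Oral defense committee (Chinese): 許富皓
黃育綸
Oral defense committee (English): Hsu, Fu-Hau
Huang, Yu-Lun
Degree: Master's
Institution: National Tsing Hua University
Department: Department of Computer Science
Student ID: 105062530
Year of publication (ROC calendar): 107
Academic year of graduation: 106
Language: English
Number of pages: 53
Chinese keywords: Android; crypto-ransomware; dynamic analysis
English keywords: Android; Ransomware; Dynamic Analysis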
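In recent years the number of smartphone users has grown rapidly, and among the operating systems used on handheld devices, Android has consistently been the most popular. However, a number of factors have made Android the operating system most vulnerable to attack. Ransomware is among the most destructive kinds of malware; it was first discovered in 2013. This kind of malware locks the phone user's screen or encrypts user data until the victim pays. It explicitly tells the victim how to pay, usually by purchasing specified goods or by paying the ransom in Bitcoin in order to evade tracing. To address this problem, in this thesis we propose a method for detecting crypto-ransomware. The method uses six features to detect the presence of crypto-ransomware, and because these features are based on monitoring changes to user files, which closely matches the behavior of crypto-ransomware, our method can be used to detect both known crypto-ransomware and unknown, new variants. In testing, our method achieved a true positive rate of 100% in detecting 10 crypto-ransomware samples circulating in the wild, and a false positive rate of 2% among the top 50 applications by download count on Google Play. In addition, we developed an Android application that ordinary users can use as a defense against crypto-ransomware. The application can be used on Android devices running Android 5.0 or later. Unlike existing antivirus software, our method uses dynamic detection and can therefore compensate for the limitations of static detection. Our application normally runs in the background; when it detects that the phone is under attack by crypto-ransomware, it notifies the user that the attack has occurred and guides the user in restoring their important files.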
The number of smartphone users has increased rapidly in recent years, and among the operating systems used on mobile devices, Android remains the most popular. However, several factors have made Android the most targeted mobile operating system. Ransomware, one of the most devastating kinds of malware on the Android platform, was first discovered in 2013. This kind of malware often locks the screen or encrypts the data on mobile phones and asks for a ransom payment. The phone will not be unlocked or decrypted until the ransom is paid. The payment can be completed by buying specific products or using Bitcoin, which makes the criminals untraceable. To solve this problem, we propose an Android crypto-ransomware detection method based on changes to user files on the Android platform. Our proposed method has 6 features, and because it is based on monitoring changes to user data and is tightly associated with the nature of crypto-ransomware, it can be applied to new variants of crypto-ransomware. The true positive rate (or recall) of the method is 100%, measured by testing 10 real-world crypto-ransomware samples. The false positive rate of the application is 2%, obtained by testing the 50 most-downloaded applications on Google Play. Moreover, we developed a tool that can be used by any user, even one with no computer science background. We have implemented an application as the user interface; it can be installed on emulators or Android devices running Android version 5 and above. Unlike existing anti-virus products, our tool is based on dynamic analysis and can compensate for the insufficiency of static analysis. When the activities of a crypto-ransomware are detected, our application shows a warning message to the user and instructs the user on how to recover the user files.
PDF page numbers / body page numbers
Cover (p1-p2) / x
Abstract (p3-p4) / x
Acknowledgements (p5) / x
Table of contents (p6-p10) / x
Chapter 1 (p11-p14) / (p1-p4)
Chapter 2 (p15-p18) / (p5-p8)
Chapter 3 (p19-p21) / (p9-p11)
Chapter 4 (p22-p42) / (p12-p32)
Chapter 5 (p43-p58) / (p33-p48)
Chapter 6 (p59-p60) / (p49-p50)
References (p61-p63) / (p51-p53)