中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/74814
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 42409723      Online Users : 1061
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/74814


    Title: 基於靜態特徵與機器學習之Android惡意程式分類研究;Android Malware Classifier based on Static Feature and Machine Learning
    Authors: 游子慧;YOU, ZIH-HUEI
    Contributors: 資訊管理學系
    Keywords: Android;靜態分析;機器學習;opcode sequence;惡意程式分類;相似度計算;Android;static analysis;machine learning;opcode sequence;similarity calculation
    Date: 2017-08-08
    Issue Date: 2017-10-27 14:40:41 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 針對每一特定類型的惡意程式進行分類是很重要的,以便得知每一種類的惡意程式特性,如此才能作相對應的防護措施。現今的惡意程式數量不僅逐漸上升,還不斷的變種,使得單一一個惡意程式的特性不只一個可能性,還可能包含了其他惡意程式類別的特性,故本研究除了將檢測惡意程式進行分類,還會檢測其是否包含其他類別的風險值。本研究採用省時且覆蓋率高的靜態分析深入研究,在特徵提取的部分,以往文獻幾乎都採用permissions, API calls, components等等來檢測惡意程式,但這些特徵都需仰賴專家分析來過濾這些特徵,才可進行使用,而opcode不需仰賴專家分析,可直接使用原始資料來進行分析,且和應用程式的程式碼密切相關。本研究提出一個應用程式檢測平台,採用opcode sequence與機器學習來分類其檢測應用程式,我們採用靜態分析文獻常用的J48、RandomForest(RF)、NaiveBayes、LibSVM與Partial Decision Tree(PART)五種分類演算法來進行訓練與10折交叉驗證,其RandomForest 搭配4gram opcode sequence的F-Measure最高擁有97.5%。分類後再進行風險值計算,計算其檢測應用程式是否包含其他種類的惡意程式特性,給予其百分比做為判斷依據。;It is important to classify each particular type of malware in order to know the malware features of each class, so that the corresponding protective measures can be made. The number of malware is not only gradually rising and constantly variants. Making a malware features more than one possibility class, but also may contain other malware class characteristics. In this study have to detection of malware for classification and in addition to check whether it contains other classes of risk values, the use of time-saving and high coverage of the static analysis. The static analysis past literature extraction feature almost all use permissions, API calls, components and so on to detect malicious programs, but these features need to rely on expert analysis to filter these features before they can be used, and opcode do not need to rely on expert analysis, Directly using raw data for analysis, and is closely related to the application code, this study uses opcode as a static analysis feature as a study. In this study, we propose an application detection platform, which uses opcode sequence and machine learning to classify. We use J48, RandomForest (RF), NaiveBayes, LibSVM and Partial Decision Tree (PART), which are commonly used in static analysis literature. We use 10-fold cross validation to training and testing. The result is the RandomForest with 4gram opcode sequence of F-Measure has of 97.5%. After classification we can calculate risk value of application that whether contains other class of malware features and given the percentage as a basis for judging.
    Appears in Collections:[Graduate Institute of Information Management] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML249View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明