中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/74814
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42415356      線上人數 : 1661
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/74814


    題名: 基於靜態特徵與機器學習之Android惡意程式分類研究;Android Malware Classifier based on Static Feature and Machine Learning
    作者: 游子慧;YOU, ZIH-HUEI
    貢獻者: 資訊管理學系
    關鍵詞: Android;靜態分析;機器學習;opcode sequence;惡意程式分類;相似度計算;Android;static analysis;machine learning;opcode sequence;similarity calculation
    日期: 2017-08-08
    上傳時間: 2017-10-27 14:40:41 (UTC+8)
    出版者: 國立中央大學
    摘要: 針對每一特定類型的惡意程式進行分類是很重要的,以便得知每一種類的惡意程式特性,如此才能作相對應的防護措施。現今的惡意程式數量不僅逐漸上升,還不斷的變種,使得單一一個惡意程式的特性不只一個可能性,還可能包含了其他惡意程式類別的特性,故本研究除了將檢測惡意程式進行分類,還會檢測其是否包含其他類別的風險值。本研究採用省時且覆蓋率高的靜態分析深入研究,在特徵提取的部分,以往文獻幾乎都採用permissions, API calls, components等等來檢測惡意程式,但這些特徵都需仰賴專家分析來過濾這些特徵,才可進行使用,而opcode不需仰賴專家分析,可直接使用原始資料來進行分析,且和應用程式的程式碼密切相關。本研究提出一個應用程式檢測平台,採用opcode sequence與機器學習來分類其檢測應用程式,我們採用靜態分析文獻常用的J48、RandomForest(RF)、NaiveBayes、LibSVM與Partial Decision Tree(PART)五種分類演算法來進行訓練與10折交叉驗證,其RandomForest 搭配4gram opcode sequence的F-Measure最高擁有97.5%。分類後再進行風險值計算,計算其檢測應用程式是否包含其他種類的惡意程式特性,給予其百分比做為判斷依據。;It is important to classify each particular type of malware in order to know the malware features of each class, so that the corresponding protective measures can be made. The number of malware is not only gradually rising and constantly variants. Making a malware features more than one possibility class, but also may contain other malware class characteristics. In this study have to detection of malware for classification and in addition to check whether it contains other classes of risk values, the use of time-saving and high coverage of the static analysis. The static analysis past literature extraction feature almost all use permissions, API calls, components and so on to detect malicious programs, but these features need to rely on expert analysis to filter these features before they can be used, and opcode do not need to rely on expert analysis, Directly using raw data for analysis, and is closely related to the application code, this study uses opcode as a static analysis feature as a study. In this study, we propose an application detection platform, which uses opcode sequence and machine learning to classify. We use J48, RandomForest (RF), NaiveBayes, LibSVM and Partial Decision Tree (PART), which are commonly used in static analysis literature. We use 10-fold cross validation to training and testing. The result is the RandomForest with 4gram opcode sequence of F-Measure has of 97.5%. After classification we can calculate risk value of application that whether contains other class of malware features and given the percentage as a basis for judging.
    顯示於類別:[資訊管理研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML249檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明