English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 41635506      線上人數 : 1405
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/77649


    題名: Android平台下整合控制流與操作碼之惡意程式分析;Integrating Control Flow and Opcode in Android Malware Analysis
    作者: 王奕鈞;Wang, Yi-Chun
    貢獻者: 資訊管理學系
    關鍵詞: Android;靜態分析;控制流;操作碼;相似度計算;惡意程式分類;Android;Static analysis;Control flow;Opcode;Application similarity;Malware classification
    日期: 2018-07-31
    上傳時間: 2018-08-31 14:51:43 (UTC+8)
    出版者: 國立中央大學
    摘要: 現今的行動惡意程式數量增長的越來越快,分析大量的應用程式為現今學者專注的項目,本研究依照惡意程式家族對應用程式進行分類,以增進整個分析的過程的效率。檢測惡意程式分為靜態分析與動態分析兩種方法,靜態分析不需要執行程式,直接反編譯程式即可取得所有資源,分析上較有效率且程式覆蓋率高;動態分析需執行取得分析特徵,分析上較為耗時,且無法保證會觸發所有惡意行為,程式覆蓋率較低且耗時,因此本研究針對靜態分析進行探討。現代程式的功能非常多元,許多良性應用程式的行為與惡意應用程式的行為越來越接近,使用早期靜態特徵提取容易造成誤判,因此基於圖型、流向和操作碼的特徵興起,但依然有所限制,容易提取到無意義的特徵,因此本研究結合調整過的操作碼與控制流作為主要靜態分析特徵作為研究。本研究提出一個應用程式檢測系統,結合操作碼與控制流作為主要特徵來分類應用程式,使其對應到所屬的家族,並使用相似度計算,檢測該應用程式除了分類出來的家族特性之外,是否含有其他家族的特性。本研究使用Drebin資料集訓練出的模型F-measure達98%且偵測未知應用程式的準確率達94.86%。;Nowadays, the number of mobile malware is growing faster and faster, analyzing enor-mous malware is one of the goal for the specialist. This study classifies applications accord-ing to malware family in order to improve the efficiency of the entire analysis process.
    The detection of malware is divided into two methods: dynamic analysis and static analysis. Dynamic analysis needs to execute the application to get analysis feature, which is time-consuming and cannot guarantee that all malicious behavior will be triggered. Besides, the program coverage is low in dynamic analysis. Without executing program, static analysis can obtain all resources by decompiling the application directly. Static analysis is more effi-cient and the program coverage is higher than dynamic analysis. In summary, this study fo-cuses on static analysis for further discussion.
    The functions of modern application are very diverse; the behavior of benign applica-tions is closer to the behavior of malware. Thus, the use of early static feature is easy to cause misjudgment. In recent year, using the graph-based feature, flow-based feature and opcode as analysis feature is becoming more and more popular, but still have some re-strictions such as extracting meaningless features easily.
    This study proposes a system that combines the adjusted opcode and control flow as the main features to classify the application to correspond to the family it belongs to, and uses the similarity calculation to detect the application whether it contains other family charac-teristics. In this study, the model F-measure trained using the Drebin data set was 98% and the accuracy of detecting unknown applications was 94.86%.
    顯示於類別:[資訊管理研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML308檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明