    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/77649


    Title: Malware Analysis on the Android Platform Integrating Control Flow and Opcodes; Integrating Control Flow and Opcode in Android Malware Analysis
    Authors: Wang, Yi-Chun (王奕鈞)
    Contributors: Department of Information Management
    Keywords: Android; Static analysis; Control flow; Opcode; Similarity computation; Application similarity; Malware classification
    Date: 2018-07-31
    Issue Date: 2018-08-31 14:51:43 (UTC+8)
    Publisher: National Central University (國立中央大學)
    Abstract: The number of mobile malware samples is growing ever faster, and analyzing large volumes of applications is a current focus of researchers. This study classifies applications by malware family in order to improve the efficiency of the entire analysis process. Malware detection is divided into two approaches, static analysis and dynamic analysis. Static analysis does not require executing the program: decompiling it directly yields all of its resources, so the analysis is more efficient and program coverage is high. Dynamic analysis must execute the program to obtain analysis features, is more time-consuming, and cannot guarantee that every malicious behavior will be triggered, so its program coverage is lower and it is slow; this study therefore focuses on static analysis. The functionality of modern programs is very diverse, and the behavior of many benign applications is increasingly similar to that of malicious ones, so early static feature extraction easily leads to misjudgment. Features based on graphs, flows and opcodes have therefore emerged, but they still have limitations and easily extract meaningless features. This study therefore combines adjusted opcodes with control flow as its main static analysis features. It proposes an application detection system that combines opcodes and control flow as the main features to classify applications into the family they belong to, and uses similarity computation to detect whether, beyond the characteristics of the family it was classified into, an application also carries characteristics of other families. The model trained on the Drebin dataset achieves an F-measure of 98%, and the accuracy of detecting unknown applications reaches 94.86%.
    Nowadays, the number of mobile malware samples is growing faster and faster, and analyzing enormous volumes of malware is one of the goals of specialists. This study classifies applications according to malware family in order to improve the efficiency of the entire analysis process.
    The detection of malware is divided into two methods: dynamic analysis and static analysis. Dynamic analysis needs to execute the application to obtain analysis features, which is time-consuming and cannot guarantee that all malicious behavior will be triggered. Besides, program coverage is low in dynamic analysis. Without executing the program, static analysis can obtain all resources by decompiling the application directly. Static analysis is more efficient and its program coverage is higher than that of dynamic analysis. In summary, this study focuses on static analysis for further discussion.
    The functions of modern applications are very diverse; the behavior of benign applications is closer to the behavior of malware. Thus, the use of early static features easily causes misjudgment. In recent years, using graph-based features, flow-based features and opcodes as analysis features has become more and more popular, but these still have some restrictions, such as easily extracting meaningless features.
    This study proposes a system that combines the adjusted opcode and control flow as the main features to classify an application into the family it belongs to, and uses similarity calculation to detect whether the application also contains other family characteristics. In this study, the F-measure of the model trained using the Drebin data set was 98%, and the accuracy of detecting unknown applications was 94.86%.
    Appears in Collections:[Graduate Institute of Information Management] Electronic Thesis & Dissertation
