NCU Institutional Repository (theses and dissertations, past exam papers, journal articles, research projects and more available for download): Item 987654321/77649
    Please use this permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/77649


    Title: Android平台下整合控制流與操作碼之惡意程式分析; Integrating Control Flow and Opcode in Android Malware Analysis
    Author: 王奕鈞; Wang, Yi-Chun
    Contributor: Department of Information Management
    Keywords: Android; Static analysis; Control flow; Opcode; Application similarity; Malware classification
    Date: 2018-07-31
    Upload time: 2018-08-31 14:51:43 (UTC+8)
    Publisher: National Central University
    Abstract: Nowadays, the amount of mobile malware is growing faster and faster, and analyzing an enormous amount of malware is one of the goals of specialists. This study classifies applications according to malware family in order to improve the efficiency of the entire analysis process.
    The detection of malware is divided into two methods: dynamic analysis and static analysis. Dynamic analysis needs to execute the application to obtain analysis features, which is time-consuming and cannot guarantee that all malicious behavior will be triggered. Besides, program coverage is low in dynamic analysis. Without executing the program, static analysis can obtain all resources by decompiling the application directly. Static analysis is more efficient and its program coverage is higher than that of dynamic analysis. In summary, this study focuses on static analysis for further discussion.
    The functions of modern applications are very diverse, and the behavior of benign applications is becoming closer to the behavior of malware. Thus, the use of early static features easily causes misjudgment. In recent years, using graph-based features, flow-based features and opcodes as analysis features has become more and more popular, but these still have some restrictions, such as easily extracting meaningless features.
    This study proposes a system that combines the adjusted opcode and control flow as the main features to classify each application into the family it belongs to, and uses a similarity calculation to detect whether the application contains characteristics of other families. In this study, the F-measure of the model trained using the Drebin data set was 98% and the accuracy of detecting unknown applications was 94.86%.
    Appears in collections: [Graduate Institute of Information Management] Theses and Dissertations
