

    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/77660


    Title: Combining Static Permissions and Dynamic Packet Analysis to Improve Android Malware Detection Performance
    Author: Shyong, Yung-Ching (熊永菁)
    Contributor: Department of Information Management
    Keywords: Dynamic analysis; Android; malware classification; network packet; application permission
    Date: 2018-07-31
    Upload time: 2018-08-31 14:51:58 (UTC+8)
    Publisher: National Central University
    Abstract: Android smart mobile devices are now widespread and have become a primary target for malware developers, so detecting and preventing mobile malware has become a major information-security issue. At the same time, mobile application network traffic is growing rapidly, which makes it more feasible to use network packets as a data set for detecting mobile malware. However, dynamic analysis has the drawback that data collection is time-consuming, and past literature extracts features of only a single protocol type from network packets. In addition, merely judging whether an application is malicious is not enough. Based on this, this study proposes an Android malware analysis system that combines static permissions and dynamic packet analysis. It first uses static analysis to filter out benign applications through the permissions declared by the application, avoiding excessive data collection time, and then extracts multiple types of features from the network traffic of malware, improving detection while reducing the false positive rate. Finally, it classifies malware into families; because applications in the same malware family exhibit similar malicious behavior, this classification gives security personnel enough information to establish a prevention strategy.
The experimental results show that the accuracies of the static and dynamic models are 98.96% and 95.6%, respectively, and that the dynamic analysis of network packets is higher than the 94.33% accuracy of malware family classification. When test data are used to verify the overall performance of the system, the accuracy is 89.1%. However, the experiment confirms that the data collection time for dynamic analysis is greatly improved: only 47.5% of the applications required the five-minute dynamic network packet collection.
    Appears in collections: [Graduate Institute of Information Management] Theses and dissertations
