中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/77660
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 66984/66984 (100%)
造访人次 : 23045970      在线人数 : 373
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/77660


    题名: 結合靜態權限及動態封包分析以提升Android惡意程式偵測效能之研究;Combining Static Permissions and Dynamic Packet Analysis to Improve Android Malware Detection Performance
    作者: 熊永菁;Shyong, Yung-Ching
    贡献者: 資訊管理學系
    关键词: 動態分析;Android;惡意程式分類;網路封包;應用程式權限;Dynamic analysis;Android;malware classification;network packet;application permission
    日期: 2018-07-31
    上传时间: 2018-08-31 14:51:58 (UTC+8)
    出版者: 國立中央大學
    摘要: 現今Android智慧行動裝置普及,成為惡意程式開發者的主要攻擊目標,如何將行動惡意程式進行偵測及防範已成為一大資安議題。同時,行動應用程式的網路流量成長快速,使得將網路封包作為資料集來檢測行動惡意軟體的可行性也提高。然而動態分析具有蒐集資料耗時的缺點,且過去文獻僅從網路封包中提取單一種類協定特徵,此外,僅將應用程式判斷是否為惡意是不夠的。基於此,本研究提出一個結合靜態權限及動態封包分析的Android惡意程式分析系統,先以靜態分析方式,透過應用程式的宣告資訊權限過濾掉良性應用程式,避免過多的資料蒐集時間,並從惡意程式網路流量提取多種類特徵,提升偵測效果同時降低誤判率,最後進行惡意程式家族分類,由於同個惡意家族下的應用程式具有類似的惡意行為,此分類方式能提供資安人員足夠資訊來建立防範策略。經實驗證實,靜、動態模型準確度分別為98.96%及95.6%,其中網路封包動態分析,高於惡意家族分類的94.33%準確度。以測試資料驗證系統整體效能上,準確率為89.1%,然而本實驗證實在動態分析的資料蒐集時間上有大幅改善,僅47.5%的應用程式需進行五分鐘的動態網路封包蒐集。;The popularity of Android smart mobile devices has become the main target of malware developers. How to detect and prevent mobile malware has become a major issue. At the same time, the mobile application′s network traffic has grown rapidly, making it more feasible to use network packets as a data set to detect malicious applications. However, dynamic analysis has the disadvantage of collecting data and taking time, and the past literature only extracts a single kind of agreement feature from the network packet. In addition, it is not enough to distinguish application into malicious or benign. Based on this, this study proposes an Android malware analysis system combining static permissions and dynamic packet analysis. Firstly, static analysis is used to filter out benign applications through the application′s announcement information permission, avoiding excessive data collection time and maliciously. The program network traffic extracts multiple types of features, improves the detection effect and reduces the false positive rate. Finally, the malware family is classified. Since the application under the same malicious family has similar malicious behavior, this classification method can provide sufficient information for the security personnel. To establish a prevention strategy. The experimental results show that the accuracy of static and dynamic models are 98.96% and 95.6%, respectively, and the dynamic analysis of network packets is higher than the accuracy of 94.33% of malicious family classification. Using the test data to verify the overall performance of the system, the accuracy rate was 89.1%. However, this experiment confirmed that the data collection time of the dynamic analysis was greatly improved, and only 47.5% of the applications required a five-minute dynamic network packet collection.
    显示于类别:[資訊管理研究所] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML118检视/开启


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈  - 隱私權政策聲明