English  |  正體中文  |  简体中文  |  Items with full text/Total items : 68069/68069 (100%)
Visitors : 23237133      Online Users : 239
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version

    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/81339

    Title: 基於系統呼叫序列與注意力LSTM模型偵測Android惡意軟體之研究;Android Malware Analysis Based on System Call sequences and Attention-LSTM
    Authors: 曾博彥;Tseng, Po-Yen
    Contributors: 資訊管理學系
    Keywords: 深度學習;注意力LSTM;Android;惡意程式分類;系統呼叫序列;Deep Learning;Attention-LSTM;Android;Malware Classification;System Call Sequence
    Date: 2019-07-27
    Issue Date: 2019-09-03 15:45:22 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 行動裝置的普及與Android作業系統的開放性,使得層出不窮的惡意軟體嚴重影響使用者資訊安全,面對變化多端的攻擊手法與躲避偵測方法,如何更準確的偵測出惡意軟體並加以防護已成為重要議題。雖然目前已有研究提出透過分析應用程式實際執行過程,能有效避免程式碼混淆等躲避偵測問題。但是面對此方法所提取的序列型特徵,如何更詳細地得知特徵之間的關聯性,藉以提升分類模型的分辨準確率,為許多研究所努力的方向。基於應用程式執行過程所呼叫的系統呼叫序列(System Call Sequence),具有可以真實呈現應用程式實際執行為的特性。本研究提取系統呼叫序列作為特徵,並透過長短期記憶(Long Short-Term Memory, LSTM)深度學習模型架構提取系統呼叫前後相互關聯。然而,為了避免隨著系統調用序列的長度增長,降低模型分類準確率,於分類模型中加入注意力機制(Attention),透過計算LSTM神經元的短期記憶專注分數並加權平均於分類決策演算法中,達到增強分類不同惡意攻擊類型的判斷能力。經實驗結果證實,通過兩層的雙向LSTM架構並加入Attention機制的深度神經網路,在分類良性與惡意程式的分辨能力達93.5%,而在詳細分類良性程式與另外兩種惡意種類程式的分類結果則具有93.1%的準確率,展現優良的分類能力。;With the popularity of Android mobile devices, detecting and protecting malicious software has become an important issue. Although there have been studies proposed that dynamic analysis can overcome the shortcomings of avoidance detection problems such as code obfuscated. However, how to learn more detail of correlation between the sequence-type features extracted by dynamic analysis to improve the resolution accuracy of the classification model is the direction of many research efforts. This study extracts the system call sequence as a feature, and extracts the system call correlation through the Long Short-Term Memory (LSTM) deep learning model. In addition, in order to avoid the increase of the length of the system call sequence and reduce the accuracy of the model classification, the attention mechanism is added to the classification model. The experimental results show that through the two-layer of Bi- LSTM architecture and the deep neural network of the Attention mechanism, the resolution of benign and malicious programs is 93.5%, and the classification of benign programs and two other malicious types is detailed. The result is an accuracy of 93.1%, showing excellent classification ability.
    Appears in Collections:[資訊管理研究所] 博碩士論文

    Files in This Item:

    File Description SizeFormat

    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback  - 隱私權政策聲明