隨著近年來持有行動裝置的數量逐漸增長,且越來越多的使用者將個人隱私資訊儲存於行動裝置,而其中以Android作業系統為最受歡迎的平台,但由於其平台開放性的緣故,使得大量的駭客以Android平台為首要攻擊目標,嚴重影響使用者的隱私安全。在Android惡意程式偵測領域中的動態分析能夠藉由將程式實際執行並透過將執行過程紀錄,實際了解程式實際執行的行為,並加以分析,其中常見的特徵為系統呼叫,同時隨著近年來深度學習的快速發展,使得惡意程式偵測領域達到更佳的分析結果。但由於取得的系統呼叫序列為應用程式執行一段時間所產生的執行紀錄,因此取得到的特徵屬於一段長序列,而長序列特徵會造成深度學習的模型訓練不佳以及訓練時間過長的問題,因此本研究提出一種基於局部權重的系統呼叫序列壓縮方法,能使壓縮的序列仍具有序列關係,並透過局部權重方法強化壓縮過的序列特徵,使深度學習模型快速訓練且達到高準確率的效果,並在二元分類的表現Accuracy以及F1-Score達到95.32%以及95.31%。;With the gradual increase in the number of mobile devices held in recent years, and more and more users store personal privacy information on their mobile devices. And the Android operating system is the most popular operating system. However, due to the openness of its platform, a large number of hackers take the Android platform as the primary target of attack, which seriously affects the privacy and security of users. Dynamic analysis in the field of Android malware detection can analyze the actual execution behavior of the application by actually executing the application and recording the execution process. The common feature in Dynamic analysis is system calls. At the same time, with the rapid development of deep learning in recent years, the field of Android malware detection has achieved better analysis results. However, the extracted system call sequence is an execution record generated by the application running for a period of time, it belongs to a long sequence, and the long sequence features will cause problems such as poor training of the deep learning model and excessive training time. Therefore, this research proposes a system call sequence compression method based on local weights, which can make the compressed sequence still have sequence relationship, and strengthen the compressed sequence features through the local weight method, so that the deep learning model can be trained quickly and achieve high accuracy. And the performance Accuracy and F1-Score in the binary classification reached 95.32% and 95.31%.
