中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/89853
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 41642506      Online Users : 1428
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/89853


    Title: 結合權限與應用程式介面特徵之Android惡意程式分類器可持續性研究;A Sustainability Research of Android Malware Classifier Using Permissions and APIs
    Authors: 張玟婷;Chang, Wen-Ting
    Contributors: 資訊管理學系
    Keywords: 模型老化;機器學習;Android 惡意程式檢測;靜態分析
    Date: 2022-07-26
    Issue Date: 2022-10-04 12:02:20 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 機器學習被廣泛應用在Android惡意程式檢測研究中,且已證實機器學習模型能取得亮眼的檢測成效。然而Android開發環境持續改變,以及攻擊者不斷演進其惡意程式,導致使用舊資料訓練的模型難以檢測出後期出現的惡意程式,也就是模型檢測能力之可持續性低,此種模型檢測能力隨時間下降的現象又稱為模型老化(Model Aging)。面對此問題的常見做法為重新訓練模型,但若模型老化速度快會使得重新訓練面臨更多的困難,例如需要花費較高的成本且新標記資料取得不易,更重要的是在新模型上線前檢測系統對新惡意程式的防護力較低,也就容易出現空窗期。為了降低重訓練的困難以及在新模型上線前正確檢測出較多的惡意軟體,本研究旨在建立一個老化速度較慢的Android惡意程式檢測系統,並以AUT(Area Under Time)及模型於各時間點的F1-score來評估老化程度。具體來說,本研究組合權限(Permission)與應用程式介面(API)兩種特徵,透過線性模型學習特徵組合時的權重。同時建立兩個模型,以集成學習的軟投票(Soft Voting)判斷APK(Android Application Package)是否為惡意軟體。本研究實驗於2012~2019的資料集上,除了評估模型在同年份樣本的檢測表現外,也評估模型對新年份樣本的檢測效果。與其他Android惡意程式檢測研究相比,AUT提升2% ~ 22%。;Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. The phenomenon that the models’ detection ability degrade over time is called model aging. The common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining process more difficult. More importantly, the detection system has low protection against new malwares before the retrained model released. Using AUT (Area Under Time) and F1-Score at each time slot to evaluate the degree of aging. This research establishes an Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models. This research will build two detection models and using soft voting to decide whether the application is malware or not. This research evaluates the detection system’s same period and over time performance on the dataset of year 2012 to 2019. Compared to other Android malware detection research, the AUT increase of 2%~22%.
    Appears in Collections:[Graduate Institute of Information Management] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML62View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明