結合系統呼叫序列關係與局部特徵計算 之行動惡意程式檢測方法;Combining system call sequence relationship with local feature calculation in a mobile malware detection method

NCU Institutional Repository > 管理學院 > 資訊管理研究所 > 博碩士論文 > Item 987654321/89864

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/89864

题名:	結合系統呼叫序列關係與局部特徵計算之行動惡意程式檢測方法;Combining system call sequence relationship with local feature calculation in a mobile malware detection method
作者:	洪千惠;Hung, Chien-Hui
贡献者:	資訊管理學系
关键词:	Android 惡意程式分析;動態分析;系統呼叫序列;序列關係;深度學習;Android malware analysis;dynamic analysis;system call sequence;sequence relationship;deep learning
日期:	2022-07-28
上传时间:	2022-10-04 12:02:50 (UTC+8)
出版者:	國立中央大學
摘要:	在這資訊快速發展的時代，市占率最高的作業系統—Android其開源特性成為駭客的攻擊目標，進而威脅到使用者的隱私。在惡意程式分析中的動態分析不受混淆及動態載入攻擊的影響，還可以了解到程式在執行時的行為，當中的系統呼叫（System calls）能實際呈現應用程式與內核（kernel）間的溝通，因此本研究以動態檢測方法進行，並以系統呼叫為特徵，來表示應用程式的行為。利用TF-IDF的特徵處理方法能將其系統呼叫特徵依據出現的次數以及在整體的關係給予不同重要程度的權重分配，不過此方法以一個系統呼叫為一個單位，因此在計算時未有序列的前後關係，而在系統呼叫序列（System call sequences）中，前後關係有其重要性，因此本研究利用n-gram概念結合局部TF-IDF來讓序列型的資料能取得含有序列前後關係及重要程度的特徵。而在惡意程式檢測領域中，深度學習已有卓越的分類效果，因此本研究將動態序列特徵以提出的方法化為向量，並在深度學習的模型上分析Android應用程式。於本研究顯示利用本方法在應用程式的多元分類下能提高3%以上的準確率，而對於未知的2019年資料集準確率提升11%。;In this era of rapid development of information technology, Android has the highest market share in the operating system. However, its open source feature has been the target of hackers, which in turn threatens the privacy of users. Dynamic analysis in malware analysis is not affected by obfuscation and dynamic loading attacks, but also provides insight into the behavior of the program during execution. The system calls can actually represent the communication between the application and the kernel, so this research uses a dynamic detection method to analyze the system calls as a feature to represent the behavior of the application. The TF-IDF feature processing method can assign different weights to system call features according to the number of call occurrences and the overall relationship, but this method uses one system call as a unit, so there is no sequence relationship in the calculation. However, in System call sequences, the pre- and post-sequence relationships have their importance. Therefore, this research uses the concept of n-gram combined with local TF-IDF to enable sequence-based data to obtain features containing the pre- and post-sequence relationships and importance of sequences. In the field of malware detection, deep learning has excellent classification results, so in this research, dynamic sequence features are transformed into vectors by the proposed method and Android applications are analyzed on the deep learning model. In this research, it is shown that using this method can improve the accuracy by more than 3% for multiple classification of applications and 11 % for unknown 2019 dataset.
显示于类别:	[資訊管理研究所] 博碩士論文

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	106	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....