English  |  正體中文  |  简体中文  |  Items with full text/Total items : 78852/78852 (100%)
Visitors : 36178584      Online Users : 680
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version

    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/92662

    Title: 結合自然語言處理與可解釋性技術之Android惡意程式分析加速研究;Accelerating Android Malware Analysis by Combining Natural Language Processing and Interpretability Technique
    Authors: 陳立凱;Chen, Li-Kai
    Contributors: 資訊管理學系
    Keywords: Android惡意程式;深度學習;操作碼;自然語言處理;可解釋性;Android malware;Deep learning;Opcode;Natural Language Processing;Explainable AI
    Date: 2023-07-28
    Issue Date: 2023-10-04 16:07:49 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 隨著科技高速發展,人們的生活與網路密不可分。不論是通過電腦、智慧型手機、或是智慧手環等產品,其中又以手機普遍使用頻率最高。然而,伴隨這個現象而來的就是行動裝置惡意程式的日益增長,這會讓行動裝置的使用受到嚴重的威脅。本研究會針對行動裝置作業系統市占率最高的Android作為研究主題,為了應對行動裝置惡意程式快速成長的環境,系統會使用靜態分析的方式,從APK(Android Application Package)檔案中提取出操作碼,並用其建立一個自然語言處理模型,學習操作碼的之間的關係,以增強特徵表示,用更少量的特徵就表達操作碼序列,接下來將操作碼通過自然語言模型轉換成向量,輸入分類器來進行訓練,以判斷APK是否為惡意應用程式,因為用的特徵量更少,訓練速度可以得以提升,訓練成本隨之下降。惡意程式快速成長就會有越來越多未知的樣本,當面對可能的誤報時,只能由研究人員一一檢查,但有限的人力無法應付如此大量的惡意應用程式。因此,本研究會利用可解釋性技術SHAP對訓練好的模型進行分析,產生解釋性資料,再根據這些資料製作成指標,可以篩選出較可能為誤報的樣本,研究人員便可優先分析這些有價值的樣本,增加研究人員的效率,之後分析完這些未知樣本,便可加入訓練集來訓練,以面對這些未知樣本。;With the rapid development of technology, people′s lives are closely tied to the internet. Whether it is through computers, smartphones, or smartwatches, among which smartphones have the highest usage frequency. However, this situation has also led to the growing of malicious software on mobile devices. which can put the use of mobile devices at serious risk. This study focuses on Android, the mobile operating system with the highest market share, to address the rapidly growing environment of mobile malware. The system uses static analysis to extract the opcode from the APK file and builds a Natural Language Processing (NLP) Model to learn the relationships between opcodes, enhancing feature representation to express opcode sequences with fewer features. The opcode is then converted into vectors through the NLP model and input into the classifier for training to detect whether the APK is a malicious application. Because fewer features are used, training speed can be improved, and training costs are reduced. As malicious programs grow rapidly, there will be more and more unknown samples. When facing possible false alerts, researchers can only check them one by one. Therefore, this study will use the interpretability technique SHAP to analyze the trained models to generate XAI data, and then make indicators based on these data, which can filter out samples that are more likely to be misreported, so that researchers can analyze these valuable samples first, increasing researchers efficiency.
    Appears in Collections:[資訊管理研究所] 博碩士論文

    Files in This Item:

    File Description SizeFormat

    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明