隨著科技高速發展,人們的生活與網路密不可分。不論是通過電腦、智慧型手機、或是智慧手環等產品,其中又以手機普遍使用頻率最高。然而,伴隨這個現象而來的就是行動裝置惡意程式的日益增長,這會讓行動裝置的使用受到嚴重的威脅。本研究會針對行動裝置作業系統市占率最高的Android作為研究主題,為了應對行動裝置惡意程式快速成長的環境,系統會使用靜態分析的方式,從APK(Android Application Package)檔案中提取出操作碼,並用其建立一個自然語言處理模型,學習操作碼的之間的關係,以增強特徵表示,用更少量的特徵就表達操作碼序列,接下來將操作碼通過自然語言模型轉換成向量,輸入分類器來進行訓練,以判斷APK是否為惡意應用程式,因為用的特徵量更少,訓練速度可以得以提升,訓練成本隨之下降。惡意程式快速成長就會有越來越多未知的樣本,當面對可能的誤報時,只能由研究人員一一檢查,但有限的人力無法應付如此大量的惡意應用程式。因此,本研究會利用可解釋性技術SHAP對訓練好的模型進行分析,產生解釋性資料,再根據這些資料製作成指標,可以篩選出較可能為誤報的樣本,研究人員便可優先分析這些有價值的樣本,增加研究人員的效率,之後分析完這些未知樣本,便可加入訓練集來訓練,以面對這些未知樣本。;With the rapid development of technology, people′s lives are closely tied to the internet. Whether it is through computers, smartphones, or smartwatches, among which smartphones have the highest usage frequency. However, this situation has also led to the growing of malicious software on mobile devices. which can put the use of mobile devices at serious risk. This study focuses on Android, the mobile operating system with the highest market share, to address the rapidly growing environment of mobile malware. The system uses static analysis to extract the opcode from the APK file and builds a Natural Language Processing (NLP) Model to learn the relationships between opcodes, enhancing feature representation to express opcode sequences with fewer features. The opcode is then converted into vectors through the NLP model and input into the classifier for training to detect whether the APK is a malicious application. Because fewer features are used, training speed can be improved, and training costs are reduced. As malicious programs grow rapidly, there will be more and more unknown samples. When facing possible false alerts, researchers can only check them one by one. Therefore, this study will use the interpretability technique SHAP to analyze the trained models to generate XAI data, and then make indicators based on these data, which can filter out samples that are more likely to be misreported, so that researchers can analyze these valuable samples first, increasing researchers efficiency.
