現今的行動裝置普及,相對惡意程式增長速度越來越快,如何快速且高效的分析大量惡意程式,同時提升少量惡意家族樣本辨識率為現今學者關注的議題。現有分析惡意程式的方式可分為靜、動態分析,本論文以靜態分析作研究,與現有研究不同的是本研究欲探討現有之圖像技術應用至Android惡意程式分析領域的效能,故將操作碼轉為圖像,並使用注意力機制(Attention)與資料擴增(Data Augmentation)於此領域中,注意力機制的啟發為生物學上人腦對於文字或圖像辨識而言,可看見其認為當前最重要的部分,並針對此部分做判斷,本研究藉此來提升現有卷積神經網路分類惡意應用程式的準確度;資料擴增目前廣泛用於解決圖像領域中資料量過少,導致深度學習難以學習的問題,本論文利用將操作碼轉為圖像之優勢,將數量稀少的惡意家族直接進行水平翻轉,藉此擴增原本的資料集。本研究證實注意力機制能有效提升卷積神經網路1.99%的準確度,並證明資料擴增-水平翻轉對於對於大部分惡意家族的操作碼圖像都能提升至少3.6%的效果。 ;With the popularity of mobile devices, malware is growing faster and faster. How to quickly and efficiently analyze a large number of malware, and at the same time improve the recognition rate of a small number of malicious family samples, has become a topic of concern for scholars today. The existing methods of analyzing malware can be divided into static and dynamic analysis, and this paper chooses static analysis as the basis of research. Unlike the existing research, this study is to explore the effectiveness of existing image technology in the field of Android malware analysis. We turn the opcode into an image and use ttention mechanisms and Data Augmentation in this area. We are inspired by the attention mechanism because in the field of biology, when the human brain recognizes words or images, it can see the more important parts and make judgments on this part, and in view of the above, this study uses attention mechanism to improve the accuracy of existing convolutional neural networks in classifying malicious applications. Data Augmentation is widely used to solve the problem that the amount of data in the image field is too small, which makes deep learning difficult to learn. This study is based on the opcode that has been converted into an image to horizontally flip a small number of malicious families, thereby increasing the original data set. We demonstrate that the use of attention mechanisms improves accuracy by 1.99% compared to convolutional neural networks, and also demonstrate that horizontal flipping of Data Augmentation can improve accuracy by 3.6% for most malicious families’ opcode images.