

    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/89642


    Title: Non-attributed Graph Classification Model Using GNN - A Case Study of Android Malware Detection
    Author: 張祐綸; Chang, Yu-Lun
    Contributor: Graduate Institute of Software Engineering
    Keywords: Android Malware Detection; Graph Classification; Graph Convolutional Networks; Graph Isomorphic Networks; Graph Neural Networks
    Date: 2022-09-22
    Upload time: 2022-10-04 11:50:37 (UTC+8)
    Publisher: National Central University
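    Abstract: Among mobile phones, tablets and all kinds of IoT (Internet of Things) devices, the Android system holds the largest market share. Compared with iOS, Android allows software to be installed more freely: an APK file obtained over the network can simply be downloaded and installed. This convenience, however, also brings considerable risk. In response, many Android malware detection methods have emerged, such as static analysis, dynamic analysis, hybrid methods and network analysis; these methods can ensure that the APKs users install are safe and harmless. Within static analysis, analyzing the source code is a common approach. In code analysis, a function call graph (FCG) can be obtained from the APK file; the FCG shows the calling relationships between functions, that is, their order, and also the usage count and frequency of specific functions, so the graph built from the functions can be analyzed to detect malware. However, directly publishing the names of these function calls could give malicious actors an opening, so removing the function call names prevents some data leakage. In addition, an FCG has tens of thousands of nodes and is hard to observe and identify by eye, so using a graph neural network makes it possible to classify the malware quickly and automatically.
    This thesis addresses the non-attributed graph classification problem and proposes the GNeP (GIN with ENhance Android DEgree Profile) framework, which is based on graph neural networks (Graph Neural Network, GNN) combined with a method for handling non-attributed graphs (Enhance Android Degree Profile, EADP) and can solve the non-attributed graph problem. This thesis uses the Graph Isomorphic Network (GIN) as the GNN model. Experimental results show that on the MalNet dataset GNeP achieves 93.12% accuracy in FCG classification, better than the 80.12% accuracy of the Graph Convolution Network; the proposed classification method is applicable not only to detecting Android malware but also to other graph classification problems.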
    Among mobile phones, tablets and various Internet of Things (IoT) devices, the Android system holds the largest market share. Compared with the iOS system, the Android system allows software to be installed more freely, and an APK file can be downloaded through the Internet. However, this convenience also brings a lot of risks. To cope with these risks, many methods for Android malware detection have been developed, such as static analysis, dynamic analysis, hybrid methods and network analysis; these methods can ensure that the APK installed by the user is safe and harmless. In static analysis, analyzing the source code is a common method. In code analysis, the function call graph (FCG) can be obtained from the APK file with a code analysis tool. The calling relationship between functions is represented as an edge. It is difficult for a human to observe how many times and how often a specific function is used. The entire graph constructed from the functions can be analyzed to detect malware. However, if the names of these function calls are directly exposed, malicious people may take advantage, so removing the names of the function calls can prevent the leakage of these data. In addition, the FCG has tens of thousands of nodes, which are difficult to observe and identify with the human eye. Therefore, using a graph neural network makes it possible to classify the malware quickly and automatically.
    To solve the problem of featureless graph classification, this paper proposes its main mechanism, GNeP, which is based on the Graph Neural Network (GNN), a field that has developed rapidly in recent years, combined with a method for dealing with featureless graphs (Enhance Android Degree Profile, EADP), and can solve the problem of non-feature graphs. For the problem of graph classification, this paper uses the Graph Isomorphic Network (GIN) as the GNN model. GNeP has an accuracy rate of 93.12% in the classification of function call graphs, which is better than the highest accuracy rate of 80.02% for the Graph Convolution Network; the classification method proposed in this paper is suitable not only for Android malware detection but also for other graph classification problems.
    Appears in collection: [Graduate Institute of Software Engineering] Master's and Doctoral Theses
