NCU Institutional Repository: Item 987654321/93292


    Please use this permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/93292


    Title: Accelerating Android Malware Analysis by Combining Natural Language Processing and Interpretability Technique (original title: 結合自然語言處理與可解釋性技術之Android惡意程式分析加速研究)
    Author: 陳立凱; Chen, Li-Kai
    Contributor: Department of Information Management
    Keywords: Android malware; Deep learning; Opcode; Natural Language Processing; Explainable AI
    Date: 2023-07-28
    Upload time: 2024-09-19 16:53:00 (UTC+8)
    Publisher: National Central University
    Abstract: With the rapid development of technology, people's lives are closely tied to the internet, whether through computers, smartphones, or smartwatches, and smartphones are the most frequently used of these. This has been accompanied by a steady growth in malicious software on mobile devices, which puts the use of mobile devices at serious risk. This study focuses on Android, the mobile operating system with the highest market share. To cope with the rapid growth of mobile malware, the system uses static analysis to extract opcodes from APK (Android Application Package) files and builds a Natural Language Processing (NLP) model that learns the relationships between opcodes, enhancing the feature representation so that opcode sequences can be expressed with fewer features. The opcodes are then converted into vectors by the NLP model and fed into a classifier, which is trained to determine whether an APK is a malicious application. Because fewer features are used, training is faster and training costs are reduced. As malicious programs grow rapidly, there are more and more unknown samples. When facing possible false alarms, researchers can only check the samples one by one, but limited manpower cannot cope with such a large number of malicious applications. Therefore, this study uses the interpretability technique SHAP to analyze the trained model and generate explanation (XAI) data, and then builds indicators from these data to filter out the samples that are more likely to be false alarms, so that researchers can analyze these valuable samples first, increasing their efficiency. Once analyzed, these unknown samples can be added to the training set so that the model can handle them.
    Appears in collections: [Graduate Institute of Information Management] Theses and Dissertations

    Files in this item:

    File: index.html; Description: (none); Size: 0Kb; Format: HTML; Views: 14


    All items in NCUIR are protected by the original copyright.
