| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊管理學系 | zh_TW |
| DC.creator | 張玟婷 | zh_TW |
| DC.creator | Wen-Ting Chang | en_US |
| dc.date.accessioned | 2022-7-26T07:39:07Z | |
| dc.date.available | 2022-7-26T07:39:07Z | |
| dc.date.issued | 2022 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=109423027 | |
| dc.contributor.department | 資訊管理學系 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 機器學習被廣泛應用在Android惡意程式檢測研究中,且已證實機器學習模型能取得亮眼的檢測成效。然而Android開發環境持續改變,以及攻擊者不斷演進其惡意程式,導致使用舊資料訓練的模型難以檢測出後期出現的惡意程式,也就是模型檢測能力之可持續性低,此種模型檢測能力隨時間下降的現象又稱為模型老化(Model Aging)。面對此問題的常見做法為重新訓練模型,但若模型老化速度快會使得重新訓練面臨更多的困難,例如需要花費較高的成本且新標記資料取得不易,更重要的是在新模型上線前檢測系統對新惡意程式的防護力較低,也就容易出現空窗期。為了降低重訓練的困難以及在新模型上線前正確檢測出較多的惡意軟體,本研究旨在建立一個老化速度較慢的Android惡意程式檢測系統,並以AUT(Area Under Time)及模型於各時間點的F1-score來評估老化程度。具體來說,本研究組合權限(Permission)與應用程式介面(API)兩種特徵,透過線性模型學習特徵組合時的權重。同時建立兩個模型,以集成學習的軟投票(Soft Voting)判斷APK(Android Application Package)是否為惡意軟體。本研究實驗於2012~2019的資料集上,除了評估模型在同年份樣本的檢測表現外,也評估模型對新年份樣本的檢測效果。與其他Android惡意程式檢測研究相比,AUT提升2% ~ 22%。 | zh_TW |
| dc.description.abstract | Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. The phenomenon that the models’ detection ability degrade over time is called model aging. The common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining process more difficult. More importantly, the detection system has low protection against new malwares before the retrained model released. Using AUT (Area Under Time) and F1-Score at each time slot to evaluate the degree of aging. This research establishes an Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models. This research will build two detection models and using soft voting to decide whether the application is malware or not. This research evaluates the detection system’s same period and over time performance on the dataset of year 2012 to 2019. Compared to other Android malware detection research, the AUT increase of 2%~22%. | en_US |
| DC.subject | 模型老化 | zh_TW |
| DC.subject | 機器學習 | zh_TW |
| DC.subject | Android 惡意程式檢測 | zh_TW |
| DC.subject | 靜態分析 | zh_TW |
| DC.title | 結合權限與應用程式介面特徵之Android惡意程式分類器可持續性研究 | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | A Sustainability Research of Android Malware Classifier Using Permissions and APIs | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |