整合注意力機制與圖像化操作碼之 Android 惡意程式分析研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：22

、訪客IP：18.190.253.122

姓名

張櫻瀞(Ying-Ching Chang) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

整合注意力機制與圖像化操作碼之 Android 惡意程式分析研究
(Using Attention Mechanism and Visualization of Opcode Sequences for Android Malware Detection)

相關論文

★ 應用數位版權管理機制於數位影音光碟內容保護之研究	★ 以應用程式虛擬化技術達成企業軟體版權管理之研究
★ 以IAX2為基礎之網頁電話架構設計	★ 應用機器學習技術協助警察偵辦詐騙案件之研究
★ 擴充防止詐欺及保護隱私功能之帳戶式票務系統研究-以大眾運輸為例	★ 網際網路半結構化資料之蒐集與整合研究
★ 電子商務環境下網路購物幫手之研究	★ 網路安全縱深防護機制之研究
★ 國家寬頻實驗網路上資源預先保留與資源衝突之研究	★ 以樹狀關聯式架構偵測電子郵件病毒之研究
★ 考量地區差異性之隨選視訊系統影片配置研究	★ 不信任區域網路中數位證據保留之研究
★ 入侵偵測系統事件說明暨自動增加偵測規則之整合性輔助系統研發	★ 利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究
★ 一種網頁資訊擷取程式之自動化產生技術研發	★ 應用XML/XACML於工作流程管理系統之授權管制研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

現今的行動裝置普及，相對惡意程式增長速度越來越快，如何快速且高效的分析大量惡意程式，同時提升少量惡意家族樣本辨識率為現今學者關注的議題。現有分析惡意程式的方式可分為靜、動態分析，本論文以靜態分析作研究，與現有研究不同的是本研究欲探討現有之圖像技術應用至Android惡意程式分析領域的效能，故將操作碼轉為圖像，並使用注意力機制（Attention）與資料擴增（Data Augmentation）於此領域中，注意力機制的啟發為生物學上人腦對於文字或圖像辨識而言，可看見其認為當前最重要的部分，並針對此部分做判斷，本研究藉此來提升現有卷積神經網路分類惡意應用程式的準確度;資料擴增目前廣泛用於解決圖像領域中資料量過少，導致深度學習難以學習的問題，本論文利用將操作碼轉為圖像之優勢，將數量稀少的惡意家族直接進行水平翻轉，藉此擴增原本的資料集。本研究證實注意力機制能有效提升卷積神經網路1.99%的準確度，並證明資料擴增－水平翻轉對於對於大部分惡意家族的操作碼圖像都能提升至少3.6%的效果。

摘要(英)

With the popularity of mobile devices, malware is growing faster and faster. How to quickly and efficiently analyze a large number of malware, and at the same time improve the recognition rate of a small number of malicious family samples, has become a topic of concern for scholars today. The existing methods of analyzing malware can be divided into static and dynamic analysis, and this paper chooses static analysis as the basis of research. Unlike the existing research, this study is to explore the effectiveness of existing image technology in the field of Android malware analysis. We turn the opcode into an image and use ttention mechanisms and Data Augmentation in this area. We are inspired by the attention mechanism because in the field of biology, when the human brain recognizes words or images, it can see the more important parts and make judgments on this part, and in view of the above, this study uses attention mechanism to improve the accuracy of existing convolutional neural networks in classifying malicious applications. Data Augmentation is widely used to solve the problem that the amount of data in the image field is too small, which makes deep learning difficult to learn. This study is based on the opcode that has been converted into an image to horizontally flip a small number of malicious families, thereby increasing the original data set. We demonstrate that the use of attention mechanisms improves accuracy by 1.99% compared to convolutional neural networks, and also demonstrate that horizontal flipping of Data Augmentation can improve accuracy by 3.6% for most malicious families’ opcode images.

關鍵字(中)

★ 注意力機制
★ 資料擴增
★ 靜態分析
★ 深度學習
★ Android

關鍵字(英)

★ Attention mechanism
★ Data augmentation
★ Static analysis
★ Deep learning
★ Android

論文目次

論文摘要 i
Abstract ii
誌謝 iii
目錄 iv
圖目錄 vii
表目錄 x
第一章緒論 1
1-1 研究背景 1
1-2 研究動機 4
1-3 研究貢獻 7
1-4 章節架構 8
第二章相關研究 9
2-1 以操作碼為特徵之研究 9
2-1-1 傳統機器學習 9
2-1-2 卷積神經網路 11
2-2 圖像化惡意程式碼之研究 14
2-2-1 傳統機器學習 14
2-2-2 卷積神經網路 15
2-3 注意力機制之研究 16
2-3-1 應用於惡意程式圖像領域之研究 18
2-4 資料擴增 22
2-5 小結 24
第三章系統設計 26
3-1 系統架構 26
3-1-1 資料前處理 27
3-1-2 分類 31
3-1-3 評估指標 34
3-2 系統之訓練與使用流程 35
第四章實驗結果 37
4-1 實驗環境與使用資料集 37
4-1-1 實驗環境 37
4-1-2 資料集 38
4-2 注意力機制 41
4-2-1 實驗一 41
4-2-2 實驗二 44
4-3 資料擴增 47
4-3-1 實驗三 47
4-3-2 實驗四 48
4-3-3 實驗五 50
4-4 實驗結果與討論 52
第五章結論與未來研究 59
5-1 結論與貢獻 59
5-2 未來研究 60
參考文獻 63

參考文獻

[參考網站]

[1] Pwc. (2019). Global Consumer Insights Survey Available: https://www.pwc.com/gx/en/industries/consumer-markets/consumer-insights-survey.html
[2] Gartner. (2018, 10-Jun). Gartner Says Huawei Secured No. 2 Worldwide Smartphone Vendor Spot, Surpassing Apple in Second Quarter 2018. Available: https://www.gartner.com/en/newsroom/press-releases/2018-08-28-gartner-says-huawei-secured-no-2-worldwide-smartphone-vendor-spot-surpassing-apple-in-second-quarter
[3] McAfee. (2019). McAfee Labs Threats Report December 2018. Available: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-dec-2018.pdf
[4] Wiki. Static program analysis. Available: https://en.wikipedia.org/wiki/Static_program_analysis
[7] Wiki. Dynamic program analysis. Available: https://en.wikipedia.org/wiki/Dynamic_program_analysis
[19] . Contagio Blog. Available: http://contagiominidump.blogspot.tw/
[23] . Baidu Apps Market. Available: https://shouji.baidu.com/
[24] . Android Drebin Project. Available: https://www.sec.cs.tu-bs.de/~danarp/drebin/
[32] . Apktool(A tool for reverse engineering 3rd party). Available: https://ibotpeaches.github.io/Apktool
[33] G. Paller. Dalvik opcodes. Available: http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html
[34] . APKPure. Available: https://apkpure.com/tw/
[35] . Android Malware Dataset. Available: http://amd.arguslab.org/

[中文文獻]

[5] 游子慧, "基於靜態特徵與機器學習之 Android 惡意程式分類研究," 國立中央大學資訊管理所碩士論文, 2017.
[8] 胡哲君, "去可識別個人資訊後之 Android惡意程式動態分析研究," 國立中央大學資訊管理所碩士論文, 2017.
[11] 王奕鈞, "Android平台下整合控制流與操作碼之惡意程式分析," 國立中央大學資訊管理所碩士論文, 2018.

[英文文獻]

[6] M. Pomilia, "A study on obfuscation techniques for Android malware," ed: Master’s thesis. Sapienza University of Rome, 2016.
[9] Z. Chen et al., "A first look at android malware traffic in first few minutes," in 2015 IEEE Trustcom/BigDataSE/ISPA, 2015, vol. 1, pp. 206-213: IEEE.
[10] H. Qi and A. Gani, "Research on mobile cloud computing: Review, trend and perspectives," in 2012 Second International Conference on Digital Information and Communication Technology and it′s Applications (DICTAP), 2012, pp. 195-202: ieee.
[12] L. Nataraj, S. Karthikeyan, G. Jacob, and B. Manjunath, "Malware images: visualization and automatic classification," in Proceedings of the 8th international symposium on visualization for cyber security, 2011, p. 4: ACM.
[13] B. Chen, Z. Ren, C. Yu, I. Hussain, and J. J. I. A. Liu, "Adversarial Examples for CNN-Based Malware Detectors," vol. 7, pp. 54360-54371, 2019.
[14] R. R. Selvaraju, M. Cogswell, A. Das, R. Vedantam, D. Parikh, and D. Batra, "Grad-cam: Visual explanations from deep networks via gradient-based localization," in Proceedings of the IEEE International Conference on Computer Vision, 2017, pp. 618-626.
[15] L. Perez and J. J. a. p. a. Wang, "The effectiveness of data augmentation in image classification using deep learning," 2017.
[16] I. Santos, F. Brezo, X. Ugarte-Pedrero, and P. G. J. I. S. Bringas, "Opcode sequences as representation of executables for data-mining-based unknown malware detection," vol. 231, pp. 64-82, 2013.
[17] Q. Jerome, K. Allix, R. State, and T. Engel, "Using opcode-sequences to detect malicious Android applications," in 2014 IEEE International Conference on Communications (ICC), 2014, pp. 914-919: IEEE.
[18] B. Kang, S. Y. Yerima, K. McLaughlin, and S. Sezer, "N-opcode analysis for android malware classification and categorization," in 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security), 2016, pp. 1-7: IEEE.
[20] N. McLaughlin et al., "Deep Android Malware Detection," presented at the Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy - CODASPY ′17, 2017.
[21] Y. LeCun, L. Bottou, Y. Bengio, and P. J. P. o. t. I. Haffner, "Gradient-based learning applied to document recognition," vol. 86, no. 11, pp. 2278-2324, 1998.
[22] M. Yang and Q. Wen, "Detecting android malware by applying classification techniques on images patterns," in 2017 IEEE 2nd International Conference on Cloud Computing and Big Data Analysis (ICCCBDA), 2017, pp. 344-347: IEEE.
[25] J. Yan, Y. Qi, Q. J. S. Rao, and C. Networks, "Detecting malware with an ensemble method based on deep neural network," vol. 2018, 2018.
[26] T. Hsien-De Huang and H.-Y. Kao, "R2-d2: Color-inspired convolutional neural network (cnn)-based android malware detections," in 2018 IEEE International Conference on Big Data (Big Data), 2018, pp. 2633-2642: IEEE.
[27] D. Bahdanau, K. Cho, and Y. J. I. A. Bengio, "Neural machine translation by jointly learning to align and translate," 2014.
[28] I. Sutskever, O. Vinyals, and Q. V. Le, "Sequence to sequence learning with neural networks," in Advances in neural information processing systems, 2014, pp. 3104-3112.
[29] H. Yakura, S. Shinozaki, R. Nishimura, Y. Oyama, and J. Sakuma, "Malware Analysis of Imaged Binary Samples by Convolutional Neural Network with Attention Mechanism," in Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, 2018, pp. 127-134: ACM.
[30] K. Xu et al., "Show, attend and tell: Neural image caption generation with visual attention," in International conference on machine learning, 2015, pp. 2048-2057.
[31] A. Krizhevsky, I. Sutskever, and G. E. Hinton, "Imagenet classification with deep convolutional neural networks," in Advances in neural information processing systems, 2012, pp. 1097-1105.
[36] D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, and C. Siemens, "Drebin: Effective and explainable detection of android malware in your pocket," in Ndss, 2014, vol. 14, pp. 23-26.
[37] C. Hasegawa and H. Iyatomi, "One-dimensional convolutional neural networks for Android malware detection," in 2018 IEEE 14th International Colloquium on Signal Processing & Its Applications (CSPA), 2018, pp. 99-102: IEEE.
[38] L. Shiqi, T. Shengwei, Y. Long, Y. Jiong, S. J. K. T. o. I. Hua, and I. Systems, "Android malicious code Classification using Deep Belief Network," vol. 12, no. 1, 2018.

指導教授

陳奕明(Yi-Ming Chen)

審核日期

2019-7-29

推文