近幾年的惡意程式檢測技術,憑藉著硬體運算能力的快速增長,利用深度學習技術 檢測惡意程式的研究逐漸增加,且偵測的效果也比傳統技術更加準確,Android 惡意程 式的攻擊手法不斷變化,產生許多不同的攻擊類型,而具有較相似攻擊目標及行為的惡 意程式則被研究人員歸類在同個惡意家族,以利後續分析,但某些惡意家族的樣本數較 少,造成使用深度學習技術來偵測惡意程式的方法無法有效學習這些惡意家族的特徵, 使深度學習技術對於辨識特定惡意程式的效果下降。本研究則試圖改善此一問題,使用 Android 應用程式中的多種特徵——Opcode、API 及 Permission,以不同的前處理方式生 成三個特徵向量,接著將三個特徵向量結合成 RGB 圖像,並使用深度卷積生成對抗網 路(Deep Convolutional Generative Adversarial Network,GAN)擴增少樣本惡意家族中的 樣本,最後輸入至卷積神經網路(Convolutional Neural Network,CNN)進行惡意家族分 類,提升深度學習對少樣本惡意家族的偵測率。實驗結果顯示結合多特徵及深度卷積生 成對抗網路能有效提升深度學習辨識 Android 少樣本惡意家族的能力。;With the continuous changes in malicious attack methods, the imbalanced Android malware family dataset is a big problem, which causes deep learning model cannot effectively learn the features of small families, resulting in decreased effectiveness of malware detection. This research used three static features in Android applications, which are opcode, API and permission, and used different pre-processing methods to generate feature vectors in order to form the RGB image. After RGB images generated, DCGAN (Deep Convolutional Generative Adversarial Network) is used to augment samples of small families, then input them to Convolutional Neural Networks (CNN) for family classification. The experimental results showed that using multi-feature and DCGAN can effectively improve the ability of Convolutional Neural Network (CNN) to identify small families, and the F1-score of small families can be increased between 2%-20%.
