NCU Institutional Repository (downloads of theses and dissertations, past exam papers, journal articles, research projects and more): Item 987654321/95616


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/95616


    Title: Enhancing Android Malware Detection through Improved Sensitive Subgraph: A GNNExplainer-based Approach for Third-party API Analysis
    Authors: 張華哲;Chang, Hua-Che
    Contributors: Department of Information Management
    Keywords: Sensitive Subgraphs; Third-Party Library APIs; Explainable AI; Graph Neural Networks; Android Malware Detection System
    Date: 2024-07-30
    Issue Date: 2024-10-09 17:06:10 (UTC+8)
    Publisher: National Central University
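    Abstract: With the growing popularity of the Android platform and the continuous expansion of application functionality, the use of third-party libraries has become increasingly common. However, these libraries, which have not been rigorously vetted, may carry security risks and become potential tools for malware, giving rise to new threats such as supply chain attacks. This research aims to improve existing Android malware detection systems, focusing in particular on improving the preprocessing of sensitive subgraphs. Our goal is to prevent attackers from using APIs in third-party libraries to perform sensitive behavior, or from using APIs that previous research deemed harmless to build harmful third-party libraries; by improving the graph-structure preprocessing, we raise the detection system's ability to defend against emerging threats.
    This research uses graph neural networks and the GNNExplainer explainability technique, and proposes an innovative method for evaluating sensitive third-party library APIs. By analyzing the malicious and benign behavior subgraphs generated by GNNExplainer, combined with this study's sensitive API scoring method, it can effectively identify third-party APIs that access sensitive information and perform sensitive operations, and can also identify official APIs with similar behavior. Based on this comprehensive list of sensitive APIs, we generate more precise and complete sensitive subgraphs as input to the malware detection model.
    According to the experimental results, this method effectively reduces the complexity of the graph structure while preserving complete malicious behavior. Compared with the sensitive subgraph methods of existing work such as SFCGDroid and DGCNDroid, this method improves on multiple detection metrics. Under the existing model architecture, the sensitive subgraph F1-Score of this method reaches 96.33%, which is 1% and 2% higher than SFCGDroid and DGCNDroid respectively, and training time is reduced by 3% and 58% respectively. In addition, the detection system proposed in this research achieves an F1-Score as high as 98.65% on the CICMalDroid2020 and AndroZoo datasets, 1 to 4% better than the F1-Score of existing sensitive subgraph detection systems, and training time can be reduced by more than 3 times.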
    The increasing use of third-party libraries in Android applications has introduced new security vulnerabilities, including potential supply chain attacks. This research aims to enhance Android malware detection systems by improving the preprocessing of sensitive subgraphs. Our focus is on preventing attackers from exploiting third-party library APIs to perform sensitive operations or utilizing APIs previously deemed harmless to create malicious third-party libraries. These malicious activities could include unauthorized access to sensitive information, execution of harmful operations, or compromising the integrity of the host application.
    We propose an innovative method using graph neural networks and GNNExplainer to evaluate sensitive APIs in third-party libraries and official Android APIs. By analyzing behavior subgraphs and employing our novel API scoring technique, we generate more precise sensitive subgraphs for enhanced malware detection.
    Experimental results show that our method reduces graph complexity while preserving malicious behaviors. Our approach achieves a sensitive subgraph F1-Score of 96.33%, outperforming existing methods like SFCGDroid and DGCNDroid by 1-2%, with reduced training times. On the CICMalDroid2020 and AndroZoo datasets, our system reaches an F1-Score of 98.65%, surpassing current systems by 1-4% while reducing training time by over 4 times. These improvements significantly enhance the detection system's capabilities against emerging Android application threats.
    Appears in Collections: [Graduate Institute of Information Management] Electronic Thesis & Dissertation



    All items in NCUIR are protected by copyright, with all rights reserved.
