
A Novel Android Malware Detection Using Bayesian Inference

Advisor: 王勝德

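Abstract


As more and more malware targets the Android platform, malware detection on this platform has become a very popular research area. The naive Bayes classifier is a technique that appears in a great many papers; however, we found that its performance on the Contagio Malware Dump dataset is unsatisfactory, possibly because it does not take dependencies among features into account. This thesis proposes a lightweight malware detection method for applications on the Android platform that improves the accuracy of the Bayesian classifier on the Contagio Malware Dump dataset. It first obtains an application's malicious features through static analysis, then reduces the dependencies among those features with principal component analysis, and uses a hidden naive Bayes probability model to infer the likelihood that the application is malware. This thesis analyzed 18,723 applications, of which 3,150 were malware; the experiments yielded a detection rate of 94.5% and a false positive rate of 1.0%. The experiments also demonstrate the feasibility of the method on mobile phone platforms.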

Parallel Abstract


Android malware detection has been a popular research topic due to the non-negligible amount of malware targeting the Android operating system. In particular, the naive Bayes generative classifier is a common technique widely adopted in many papers. However, we found that the naive Bayes classifier performs badly on the Contagio Malware Dump dataset, which could result from the assumption that no feature dependency exists. In this paper, we propose a lightweight method for Android malware detection, which improves the performance of Bayesian classification on the Contagio Malware Dump dataset. It performs static analysis to gather malicious features from an application, and applies principal component analysis to reduce the dependencies among them. With the hidden naive Bayes model, we can infer the identity of the application. In an evaluation with 15,573 normal applications and 3,150 malicious samples, our work detects 94.5% of the malware with a false positive rate of 1.0%. The experiment also shows that our approach is feasible on smartphones.
