  • Thesis

A Machine Learning Based Hybrid Detection Method for Android Malware

Machine learning based hybrid behavior model for Android malware analysis

Advisor: 王勝德

Abstract


Malware detection on the Android platform is currently an important and active research topic. This thesis proposes a behaviour analysis method for Android applications: using static analysis, we reverse-engineer an application to recover its Android API usage, summarize the characteristics of malicious and of benign behaviour, and combine this with a machine-learning method, the support vector machine (SVM), to learn from existing data two separate classification models, one for malicious behaviour and one for normal behaviour. To raise accuracy we modify the SVM prediction procedure and combine the two behaviour models, which raises the detection rate more effectively than either model alone. Because the model is learned from data rather than built on hand-written assumptions, it generalizes better to unknown applications and even to unknown attack techniques. In this thesis we design and discuss several ways of combining the two models and compare their detection performance. In addition, the proposed method is also designed to work as a classifier that labels only applications with clear-cut features, and we measure the effect of this selective labeling, with the aim of making machine-learning prediction more practical to deploy. Experimental results show that the proposed system reaches an accuracy of 96.69% with a false positive rate of 2.5% when identifying unknown applications; in selective-labeling mode it labeled 79.4% of the unknown applications, and no misclassification occurred among the labeled samples.

Keywords

Malware; Static analysis; Classification

English Abstract


Malware analysis on the Android platform has become an important issue as the platform has grown prevalent. We propose a detection approach based on static analysis and machine learning techniques that yields a highly accurate Android malware classifier. By running SVM classifications on two different feature sets, malicious-preferred features and normal-preferred features, we build a hybrid-model classifier that improves detection accuracy. Taking normal-behaviour features into account improves the ability to detect unknown malware. Our experiments show an accuracy as high as 96.69% in predicting unknown applications. Further, the proposed approach can be used to make confident decisions when labeling unknown applications: in our experiments the hybrid-model classifier labels 79.4% of the applications without any false positive or false negative occurring in the labeling process.
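Both abstracts describe the same pipeline: recover API calls from disassembled code, split them into a malicious-preferred and a normal-preferred feature set, train one model per set, and combine the two with an option to abstain on applications whose evidence is not clear-cut. The following is an added example written for this page, not code from the thesis. It keeps the pipeline shape but substitutes a Laplace-smoothed log-odds weighting for the thesis's SVMs (a labeled stand-in so the block runs with the standard library only), and the smali-like snippets, API names and margin value are constructed for illustration; the thesis's real feature sets, kernels and thresholds are not given on this page.

```python
import math
import re
from collections import Counter

# Dalvik call targets as they appear in disassembled (smali) code, e.g.
#   invoke-virtual {v0, v1}, Landroid/telephony/SmsManager;->sendTextMessage(...)
# Captures "class" and "method"; the method group admits <init>/<clinit>.
API_RE = re.compile(r"L([\w/$]+);->([\w<>]+)")


def extract_api_features(smali_text):
    """Set of 'pkg/Class->method' identifiers an app calls (document frequency, not counts)."""
    return {f"{cls}->{meth}" for cls, meth in API_RE.findall(smali_text)}


def smali(*calls):
    """Constructed stand-in for disassembler output: one invoke line per 'pkg/Class->method'."""
    return "\n".join(
        f"invoke-virtual {{v0}}, L{c.split('->')[0]};->{c.split('->')[1]}(...)" for c in calls
    )


# Constructed API identifiers used by the toy corpus (assumption: a realistic set would be
# the full API list mined from the training apps, as in the thesis).
SMS = "android/telephony/SmsManager->sendTextMessage"
IMEI = "android/telephony/TelephonyManager->getDeviceId"
EXEC = "java/lang/Runtime->exec"
DEX = "dalvik/system/DexClassLoader-><init>"
VIEW = "android/app/Activity->setContentView"
FIND = "android/view/View->findViewById"
TOAST = "android/widget/Toast->makeText"
HTTP = "java/net/HttpURLConnection->connect"
VIB = "android/os/Vibrator->vibrate"  # never seen in training

# Constructed training corpus: (snippet, is_malicious).
TRAIN = [
    (smali(SMS, IMEI, EXEC), True),
    (smali(SMS, IMEI, DEX), True),
    (smali(EXEC, DEX, IMEI), True),
    (smali(VIEW, FIND, TOAST), False),
    (smali(VIEW, FIND, IMEI), False),   # benign app that reads the IMEI
    (smali(VIEW, TOAST, HTTP), False),
]

# Constructed "unknown" applications used to measure coverage and accuracy.
UNKNOWN = [
    (smali(SMS, EXEC, VIEW), True),
    (smali(VIEW, FIND, TOAST), False),
    (smali(IMEI, DEX, EXEC), True),
    (smali(IMEI, VIEW, HTTP), False),
    (smali(IMEI, VIB), False),          # weak malicious evidence only: a false-positive trap
]


def learn_feature_weights(samples):
    """Per-API log-odds weight, Laplace smoothed: >0 malicious-preferred, <0 normal-preferred.
    (Stand-in for the thesis's SVM training; the split into two feature sets is the same idea.)"""
    mal, ben = Counter(), Counter()
    n_mal = sum(1 for _, y in samples if y)
    n_ben = len(samples) - n_mal
    for text, is_mal in samples:
        (mal if is_mal else ben).update(extract_api_features(text))
    apis = set(mal) | set(ben)
    return {a: math.log(((mal[a] + 1) / (n_mal + 2)) / ((ben[a] + 1) / (n_ben + 2)))
            for a in apis}


def split_models(weights):
    """Two models on two feature sets: malicious-preferred and normal-preferred (both positive)."""
    mal_model = {a: w for a, w in weights.items() if w > 0}
    ben_model = {a: -w for a, w in weights.items() if w < 0}
    return mal_model, ben_model


def hybrid_predict(text, mal_model, ben_model, margin=0.0):
    """Combine the two models. With margin > 0 the classifier only labels applications whose
    evidence gap is clear and returns 'unlabeled' otherwise (the selective-labeling mode)."""
    feats = extract_api_features(text)
    gap = sum(mal_model.get(a, 0.0) for a in feats) - sum(ben_model.get(a, 0.0) for a in feats)
    if gap > 0 and gap >= margin:
        return "malicious"
    if gap < 0 and -gap >= margin:
        return "benign"
    return "unlabeled"


def evaluate(samples, mal_model, ben_model, margin):
    """Coverage (fraction labeled), accuracy among labeled samples, and FP/FN counts."""
    labeled = correct = fp = fn = 0
    for text, is_mal in samples:
        verdict = hybrid_predict(text, mal_model, ben_model, margin)
        if verdict == "unlabeled":
            continue
        labeled += 1
        if verdict == ("malicious" if is_mal else "benign"):
            correct += 1
        elif verdict == "malicious":
            fp += 1
        else:
            fn += 1
    return {"coverage": labeled / len(samples),
            "accuracy": correct / labeled if labeled else 0.0, "fp": fp, "fn": fn}


MAL_MODEL, BEN_MODEL = split_models(learn_feature_weights(TRAIN))

if __name__ == "__main__":
    for margin in (0.0, 1.0):
        print(f"margin={margin}: {evaluate(UNKNOWN, MAL_MODEL, BEN_MODEL, margin)}")
```

Running it shows the trade-off the abstract reports: with no margin every unknown app is labeled and the IMEI-only app becomes a false positive, while with a margin the classifier abstains on that app and on the mixed SMS/UI app, labeling fewer samples but none of them wrongly. The margin is the single knob that moves the system between full coverage and confident labeling; on a real feature space the same role is played by the distance from the SVM decision boundary.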

