隨著Android手機系統日新月異的累積成長,手機軟體運用與人們的生活息息相關密不可分,如日常記帳拍照、網路社群的互動、地圖導航、銀行交易或是股市操作等等。Android在市場中占有極高的市占率,但基於平台開放性的問題,也衍生了許多資安上的問題,許多的惡意程式接連產生。雖然Android手機系統有持續地在資訊安全上加強防護與權限分級,可以讓使用者主動拒絕非必要的權限授予,但是惡意軟體也隨著時間的成長,會誘導使用者給予過高的權限以致隱私資料被竊取或是資料綁架。本研究使用加拿大網路安全研究所所提供的病毒資源庫,使用靜態分析方法分析惡意軟體的權限列表,整理成資料集後利用五種機器學習方法與深度學習方法比較後得出深度學習方法判別率較高,使用其模組來建立惡意軟體的資料庫,並且規劃出一種可行性的行動惡意軟體檢測架構。
With the cumulative growth of the Android mobile phone system, the use of mobile phone software is closely related to people's lives, such as daily accounting, taking pictures, interaction of the Internet community, map navigation, bank transactions, etc. Android has a very high market share in the market. However, due to the openness of the platform, many information security problems have also arisen, and many malware have emerged one after another. The Android mobile phone system has continuously strengthened protection and permission classification on information security, allowing users to actively reject unnecessary permission grants. However, malware also grows over time and will induce users to give too high permissions to cause privacy data was stolen or data kidnapped. This research uses the android malware dataset, namely CICMalDroid 2020, provided by the Canadian Institute of Cybersecurity. This research uses static analysis to analyze the permission list of malware and organize it into a data set as training data. Then, this research establishes a malware detection model through machine learning and deep learning methods, and proposes a feasible mobile malware detection architecture.