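Graduate student: 黃獻德
Graduate student (English): Hsien-De Huang
Thesis title: 基於深度學習的網路威脅異常分析
Thesis title (English): Deep learning based anomaly analysis in cyber threats
Advisor: 高宏宇
Advisor (English): Hung-Yu Kao
Degree: Doctoral
Institution: National Cheng Kung University
Department: Department of Computer Science and Information Engineering
Field: Engineering
Discipline: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2019
Graduation academic year: 107
Language: English
Number of pages: 65
Keywords (Chinese): Deep learning; Android malware analysis; sentiment analysis; social opinion analysis; recommendation system
Keywords (English): Deep Learning; Android Malware Analysis; Sentiment Analysis; Social Opinion Analysis; Pop-ups Recommendation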
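Several phenomena in the online world have drawn attention in recent years. The first concerns the use of smartphones and apps: smartphones have become indispensable in daily life, and Android has become the most popular smartphone operating system because of its openness; that same openness, however, makes it very easy for malware to spread and infect Android devices. Push notifications from Android applications (apps) are a powerful tool for maintaining the relationship between users and apps, but the security of Android and the nuisance caused by notification-bar pop-ups cannot be ignored. The second is the economic problem created by cryptocurrencies: social networking sites are flooded with cryptocurrency-related information, and the risks and fraud behind it have led countries including the United States, South Korea and China to issue warnings and enact corresponding regulations, yet there is still no systematic method to help assess risk and fraud. In response to these two phenomena, this study proposes a deep learning based anomaly analysis method for cyber threats, built on deep learning for image recognition and natural language processing, to detect malicious behavior and fraud, and applies it to three areas: sentiment analysis of social opinion, Android malware detection, and a notification-bar pop-up recommendation system.

We first collect user comments from Facebook, Twitter and Telegram, then feed them for training into a sentiment analysis model that combines Long Short Term Memory (LSTM) and a Convolutional Neural Network (CNN), integrating sequence dependency and local features, with softmax and tanh each outputting the two sentiments in [-1, 1], where -1 indicates negative sentiment and vice versa. For Android security, giving priority to performance and performing no feature preprocessing, we propose converting the bytecode of classes.dex, the core of Android's Dalvik, into color images by means of color and RGB color codes, then applying transfer learning with the Inception-v3 model and outputting whether the sample is detected as malware. Finally, to improve the click-through rate of in-app advertisements and user retention, we used a Deep Neural Network (DNN) to develop a notification-bar pop-up recommendation system based on analyzing user behavior.

For validation, we worked with Leopard Mobile Inc. of Taiwan (the general agent for Cheetah Mobile), collecting real data and deploying our method in the partner's core products, including Security Master, RatingToken and Coin Master. The experiments show that this work can effectively reduce the risk of online fraud on social networking sites and of Android malware infection, and can accurately capture users' preferences and frequency in clicking push notifications/pop-ups, reducing the annoyance to users.
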
In recent years, several phenomena in the world of the Internet have been worthy of attention. The first is the use of smartphones and Android applications (apps). Smartphones are an indispensable part of people's daily lives, and Android has become the most popular smartphone operating system because of its openness. However, that openness makes it very easy for malware to spread and infect Android devices. Pop-ups for Android apps are a powerful tool for maintaining the relationship between users and apps, but we cannot ignore the security of Android and the nuisance caused by pop-ups in the notification bar. The second is the serious economic problems caused by cryptocurrencies, which result in huge losses for victims and the economy. Social network websites are flooded with cryptocurrency-related information, and the risks and frauds behind it have prompted warnings in countries including the United States, South Korea, and China. Corresponding regulations have been formulated, but there is no systematic way to help judge risks and fraud. To cope with these two phenomena, in this study we propose a deep learning based anomaly analysis for cyber threats, using deep learning in image recognition and natural language processing to detect Android malicious behavior and fraud on social network websites. We applied the method to Sentiment Analysis, Android Malware Detection, and Pop-ups Recommendation.

We first collect user comments from Facebook, Twitter, and Telegram. We then feed the data into a sentiment analysis model built from a Long Short-Term Memory network (LSTM) and a Convolutional Neural Network (CNN), which integrates sequence dependency and local features, to train the model, using activation functions (softmax and tanh) to output [-1, 1] as emotions, where -1 means negative emotions and vice versa. For the security problem of Android, taking performance as a priority and without feature engineering, we propose to translate the bytecode of Android's Dalvik core classes.dex into color images by color and RGB color code. We then apply transfer learning with the Inception-v3 model and output the result of its malware detection. Finally, in order to improve the click-through rate and user retention rate of app-side ads, we developed a pop-up recommendation system that analyzes user behavior through a Deep Neural Network (DNN).

For validation, we partnered with Leopard Mobile Inc. (Cheetah Mobile Taiwan Agency) to collect real data and deploy our approach in our partner's core products, including Security Master, Clean Master, RatingToken and Coin Master. The experiments show that our research can effectively reduce the risk of online fraud on social network sites and of Android malware infection, and can accurately understand the preference and frequency of users clicking push notifications/pop-ups, reducing the trouble for users.
Abstract (in Chinese)
Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
Chapter 1. Introduction
1.1 Sentiment Analysis
1.2 Android Malware Detection
1.3 Pop-ups Recommendation
Chapter 2. Related Work
2.1 Deep Learning
2.2 Sentiment Analysis
2.3 Android Malware Analysis
2.3.1. The Background of Android Malware Analysis
2.3.2. Machine Learning-based Malware Detection
2.3.3. Deep Learning-based Malware Detection
2.4 Recommendation System
Chapter 3. Sentiment Analysis
3.1 Our Proposed Methodology: SOC
3.2 Experimental Results and Discussion
Chapter 4. Android Malware and Smart Contract Detection
4.1 Our Proposed Mechanism: R2-D2
4.2 Experimental Results and Discussion
Chapter 5. Pop-ups Recommendation
5.1 Our Proposed System: C-3PO
5.2 Experimental Results and Discussion
Chapter 6. Conclusion
References