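Graduate student: 曾博彥
Graduate student (English name): Po-Yen Tseng
Thesis title: A Study on Detecting Android Malware Based on System Call Sequences and an Attention-LSTM Model
Thesis title (English): Android Malware Analysis Based on System Call sequences and Attention-LSTM
Advisor: 陳奕明
Advisor (English name): Yi-Ming Chen
Degree: Master's
Institution: National Central University
Department: Department of Information Management
Discipline: Computer Science
Sub-discipline: General Computer Science
Thesis type: Academic thesis
Year of publication: 2019
Graduation academic year: 107
Language: Chinese
Number of pages: 61
Keywords (Chinese): Deep learning; Attention LSTM; Android; Malware classification; System call sequence
Keywords (English): Deep Learning; Attention-LSTM; Android; Malware Classification; System Call Sequence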
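The ubiquity of mobile devices and the openness of the Android operating system have led to an endless stream of malware that seriously threatens users' information security. Faced with ever-changing attack techniques and detection-evasion methods, detecting malware more accurately and defending against it has become an important issue. Existing research has shown that analyzing an application's actual execution can effectively avoid detection-evasion problems such as code obfuscation. However, for the sequential features extracted by this approach, how to learn the relationships among features in more detail, and thereby improve the accuracy of the classification model, remains the direction many studies are working toward. The system call sequence invoked during an application's execution has the property of faithfully reflecting the application's actual runtime behavior. This study extracts system call sequences as features and uses a Long Short-Term Memory (LSTM) deep learning architecture to capture the dependencies between preceding and following system calls. To prevent classification accuracy from dropping as the system call sequence grows longer, an attention mechanism is added to the classification model: attention scores are computed over the short-term memory of the LSTM units and applied as a weighted average in the classification decision, strengthening the model's ability to distinguish different types of malicious attacks. Experimental results confirm that a deep neural network with a two-layer bidirectional LSTM architecture plus the attention mechanism achieves 93.5% in distinguishing benign from malicious programs, and 93.1% accuracy in the finer-grained classification of benign programs and two other malware types, demonstrating excellent classification ability.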
With the popularity of Android mobile devices, detecting and protecting against malicious software has become an important issue. Studies have proposed that dynamic analysis can overcome detection-evasion problems such as code obfuscation. However, how to learn in more detail the correlations among the sequence-type features extracted by dynamic analysis, in order to improve the accuracy of the classification model, is the direction of many research efforts. This study extracts the system call sequence as a feature and extracts the correlations between system calls through a Long Short-Term Memory (LSTM) deep learning model. In addition, to prevent the accuracy of the model's classification from falling as the length of the system call sequence increases, an attention mechanism is added to the classification model. The experimental results show that, with a two-layer Bi-LSTM architecture and a deep neural network with the attention mechanism, the ability to distinguish benign from malicious programs reaches 93.5%, and the detailed classification of benign programs and two other malicious types reaches an accuracy of 93.1%, showing excellent classification ability.
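Thesis Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1-1 Research background
1-2 Research motivation and objectives
1-3 Research contributions
1-4 Chapter organization
Chapter 2 Related Work
2-1 System call sequence extraction methods
2-2 Deep learning models for sequential features
2-2-1 Recurrent neural networks
2-2-2 Long short-term memory
2-2-3 Bidirectional recurrent neural networks
2-2-3 Attention mechanism
2-3 Classification methods using Android system call sequences as features
2-3-1 Detection with traditional machine learning
2-3-2 Detection with deep learning
2-4 Summary
Chapter 3 System Design
3-1 System architecture
3-1-1 Dynamic Feature Collection Module (DFCM)
3-1-2 Samples/Features Database
3-1-3 Model Trainer
3-1-4 Model Database
3-1-5 Deep Learning Classifier Module
3-2 System workflow
Chapter 4 Experiments and Discussion
4-1 Experimental environment
4-2 Experimental samples and evaluation method
4-3 Experiment 1: Functional verification of the dynamic feature collection module
4-3-1 Purpose
4-3-2 Method
4-3-3 Results
4-4 Experiment 2: Evaluation of system call sequence input length
4-4-1 Purpose
4-4-2 Method
4-4-3 Results
4-5 Experiment 3: Evaluation of bi-LSTM neural network parameters
4-5-1 Purpose
4-5-2 Method
4-5-3 Results
4-6 Experiment 4: Evaluation of attention mechanism parameters
4-6-1 Purpose
4-6-2 Method
4-6-3 Results
4-7 Experiment 5: Comparison of the recognition ability of related deep neural network models
4-7-1 Purpose
4-7-2 Method
4-7-3 Results
4-8 Results and discussion
Chapter 5 Conclusions and Future Research
5-1 Research conclusions
5-2 Future research
References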
Electronic full text (Internet release date: 20210731)