National Digital Library of Theses and Dissertations in Taiwan

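Graduate student: 陳冠宇
Graduate student (English name): CHEN, KUAN-YU
Thesis title: 應用特徵選擇與深度學習方法於惡意軟體檢測
Thesis title (English): Application of Feature Selection and Deep Learning Methods for Malware Detection
Advisor: 張定原
Advisor (English name): CHANG, THING-YUAN
Oral defense committee: 張定原, 連俊瑋, 董俊良
Oral defense committee (English names): CHANG, THING-YUAN; LIAN, JIUNN-WOEI; TUNG, CHUN-LIANG
Oral defense date: 2024-06-28
Degree: Master's
Institution: National Chin-Yi University of Technology (國立勤益科技大學)
Department: Department of Information Management
Discipline: Computer Science
Category: General Computer Science
Thesis type: Academic thesis
Year of publication: 2024
Academic year of graduation: 112
Language: Chinese
Number of pages: 80
Keywords: Malware detection; Deep learning; Feature selection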
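Abstract (translated from the Chinese):
With the development of information technology, Internet usage has become more frequent and a part of daily life. In cyberspace, however, malware is a security threat whose purpose is to affect computers and other devices and cause negative impact, which makes malware detection an important issue.
This study aims to apply deep learning models to malware detection. Detection models are built with a deep neural network (DNN), a recurrent neural network (RNN) and long short-term memory (LSTM), and the classification performance and efficiency of the three models are compared using evaluation metrics such as the confusion matrix, ROC curve and AUC, together with the models' training and testing time. Feature selection methods are also applied to remove irrelevant or less important features so that fewer features are used as model input, and the effect of feature selection on the models is compared.
The experimental results show that when models are built with all features, DNN, RNN and LSTM all have good classification performance, with accuracy above 99%. DNN is the better model of the three, outperforming RNN and LSTM in both classification performance and time. In addition, reducing the number of features through feature selection maintains or even improves classification accuracy and effectively reduces model training and testing time. The DNN model built with the top 30 features filtered by information gain has good classification performance and is the best model among all methods.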
Abstract (English):
With the development of information technology, use of the Internet has increased and it has become a part of daily life. However, in cyberspace, malware is a security threat. Its purpose is to affect computers or other devices and cause negative impact, so detecting malware has become an important issue.
This study aims to use deep learning models for malware detection, using a deep neural network (DNN), a recurrent neural network (RNN) and long short-term memory (LSTM) to build detection models. The classification performance and efficiency of the three deep learning models are compared using evaluation metrics such as the confusion matrix, ROC curve and AUC, together with the models' training and testing time. The models are also combined with feature selection methods to delete irrelevant or less important features, so that fewer features are used as input to the model, and the impact of feature selection on the models is compared.
The experimental results show that when all features are used to build a model, DNN, RNN and LSTM all have good classification performance, achieving an accuracy of more than 99%. DNN is the better model among the three methods in classification performance and time cost. In addition, by reducing the number of features through feature selection, the classification performance of the model can be maintained or even improved, and the time cost of the model can be reduced. The DNN model built from the top 30 features filtered by information gain has good classification performance and is the best model among all methods.
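Table of contents:
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
Chapter 2 Literature Review
2.1 Malware
2.2 Malware Detection Methods
2.3 Deep Learning
2.3.1 Deep Neural Network (DNN)
2.3.2 Recurrent Neural Network (RNN)
2.3.3 Long Short-Term Memory (LSTM)
2.4 Feature Selection
Chapter 3 Research Methods
3.1 Research Framework
3.2 Feature Selection Methods
3.2.1 Information Gain (IG)
3.2.2 Pearson Correlation
3.3 Deep Learning Algorithms
3.3.1 Deep Neural Network (DNN) Algorithm
3.3.2 Recurrent Neural Network (RNN) Algorithm
3.3.3 Long Short-Term Memory (LSTM) Algorithm
3.3.4 Activation Function
3.4 Model Evaluation Metrics
3.4.1 Confusion Matrix
3.4.2 ROC Curve and AUC
Chapter 4 Results and Analysis
4.1 Experimental Environment
4.2 Dataset Source and Features
4.3 Data Preprocessing
4.4 Experiment 1: Comparison of the Three Models
4.4.1 Deep Neural Network (DNN) Model
4.4.2 Recurrent Neural Network (RNN) Model
4.4.3 Long Short-Term Memory (LSTM) Model
4.4.4 Comparison of Experimental Results
4.5 Experiment 2: Filter-Based Feature Selection
4.5.1 Feature Selection Combined with the DNN Model
4.5.2 Feature Selection Combined with the RNN Model
4.5.3 Feature Selection Combined with the LSTM Model
4.5.4 Comparison of Experimental Results
Chapter 5 Conclusions and Recommendations
5.1 Research Conclusions
5.2 Theoretical and Academic Contributions
5.3 Managerial and Practical Contributions
5.4 Research Limitations
5.5 Future Research and Recommendations
References
Online Sources
English-Language Sources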


Electronic full text (date of public release on the Internet: 2029-07-17)