基於混合神經網絡之惡意程式偵測與分類-以 Android 作業系統為例

Abstract

在現今行動作業系統市場上，Android是目前用戶人數最多的，由於開放且自由的開發環境，任何開發者皆能夠在Android平台上自行開發APK檔，然而，這樣的開放性及自由性也產生巨大的資訊安全風險，許多有心人士基於各種原因將惡意程式潛藏於APK檔中，這樣的惡意程式攻擊造成許多危害，因此，能夠精準且有效率的偵測及分類惡意程式的方法，在資訊安全領域研究上顯得極為重要。

本研究欲提出一能夠精準且有效率的去偵測及分類惡意程式的方法，能夠找到惡意程式與正常程式之間潛藏的關係，並且透過這樣的關係去學習惡意程式的行為模式，最終能夠正確識別及分類惡意程式。

本研究預計使用基於卷積神經網絡架構及基於圖神經網絡架構的混合模型來訓練惡意程式資料，並使用一公開大規模惡意軟體資料集 — MalNet-image tiny進行實驗，針對資料集中的圖像資料格式、多種的惡意程式類型及混合模型使用上，去設計多種可實驗的場景。最終在評估模型及實驗結果方面，在結果表現方面預計與過往相關的研究以及基準實驗結果進行比較。

In today's mobile operating system market, Android has the largest user base. Due to its open and flexible development environment, any developer can develop APK files on the Android platform. However, such openness and flexibility also pose significant information security risks. Malware can be hidden within APK files for various reasons, resulting in various harms. Therefore, it is crucial to have accurate and efficient methods for detecting and classifying malware in the field of information security research.

This study aims to propose a precise and efficient method for detecting and classifying malware by uncovering the hidden relationships between malware and benign. Through these relationships, the study seeks to learn the behavioral patterns of malware and ultimately achieve accurate identification and classification.

This study aims to employ a hybrid model based on convolutional neural network (CNN) and graph neural network (GNN) architectures to train on malware data. The experiment will be conducted using a publicly available large-scale dataset called MalNet, which encompasses a diverse range of malware. The dataset includes various image data formats and covers multiple types of malware, allowing for the design of multiple experimental scenarios incorporating the hybrid model.

Finally, in terms of evaluating the models and experimental results, a comparison will be made with relevant previous studies and benchmark experiments.