Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55685

Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 王勝德(Sheng-De Wang) | |
| dc.contributor.author | Hsin-Yu Chuang | en |
| dc.contributor.author | 莊欣瑜 | zh_TW |
| dc.date.accessioned | 2021-06-16T04:17:14Z | - |
| dc.date.available | 2019-08-25 | |
| dc.date.copyright | 2014-08-25 | |
| dc.date.issued | 2014 | |
| dc.date.submitted | 2014-08-20 | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55685 | - |
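| dc.description.abstract | Malware detection on the Android platform is currently an important and popular research topic. This thesis proposes a behavior analysis method for Android applications. Using static analysis, it reverse-engineers applications to obtain their Android API usage, characterizes malicious behavior and normal behavior, and combines this with a machine learning method, the support vector machine, to learn separate classification models for malicious behavior and normal behavior from existing data. To improve accuracy, we modified the support vector machine's prediction method and combined the two different behavior models, which raises the detection rate more effectively. Because the model is based on machine learning, unlike models built on general assumptions, it detects unknown applications and even unknown malicious attack techniques more effectively. In this thesis we design and discuss different methods of combining the two models and compare the differences in their detection performance. In addition, the proposed detection method is also designed as a classifier that labels only applications with distinct features, and we measure the effect of this labeling, in the hope of making machine-learning prediction more practical. Experimental results show that the proposed system achieves 96.69% accuracy with a 2.5% false positive rate in identifying unknown applications; in addition, we labeled 79.4% of the unknown application data, and within this labeled data misclassification was avoided. | zh_TW |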
| dc.description.abstract | Malware analysis on the Android platform has been an important issue as the platform is prevalent. We proposed a detection approach based on static analysis and machine learning techniques to obtain a considerably accurate Android malware classifier. By conducting SVM classifications on two different feature sets, malicious-preferred features and normal-preferred features, we built a hybrid-model classifier to improve the detection accuracy. With the consideration of normal behavior features, the ability to detect unknown malware can be improved. Our experiment shows that the accuracy is as high as 96.69% in predicting unknown applications. Further, the proposed approach can be applied to make confident decisions on labeling unknown applications. In our experiments, the proposed hybrid model classifier can label 79.4% of applications without any false positives or false negatives occurring in the labeling process. | en |
| dc.description.provenance | Made available in DSpace on 2021-06-16T04:17:14Z (GMT). No. of bitstreams: 1 ntu-103-R01921019-1.pdf: 573415 bytes, checksum: b9a45400aa805a948c1b17b43f62f3ca (MD5) Previous issue date: 2014 | en |
| dc.description.tableofcontents | Abstract (Chinese); Abstract; Chapter 1 Introduction: 1.1 Machine Learning in Detecting malwares, 1.2 Motivation, 1.3 Approach overview, 1.4 Contribution, 1.5 Thesis organization; Chapter 2 Related Works: 2.1 Static Analysis, 2.2 Dynamic Analysis; Chapter 3 Classification: 3.1 Preprocessing, 3.2 Classification Model; Chapter 4 Experiments: 4.1 Implementation, 4.2 Experiment Result, 4.3 Comparing with other works, 4.4 Cross Validation on Dataset A, 4.5 Time consumption, 4.6 Evaluation on popular apps in 2014; Chapter 5 Discussion: 5.1 Other features, 5.2 Malwares characteristics and Possible Evasion techniques, 5.4 Future Work; Chapter 6 Conclusion; Chapter 7 References; Appendix A | |
| dc.language.iso | en | |
| dc.subject | malware | zh_TW |
| dc.subject | static analysis | zh_TW |
| dc.subject | classification | zh_TW |
| dc.subject | static analysis | en |
| dc.subject | Android | en |
| dc.subject | classification | en |
| dc.subject | Malware detection | en |
| dc.title | A machine learning based hybrid detection method for Android malware | zh_TW |
| dc.title | Machine learning based hybrid behavior model for Android malware analysis | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 102-2 | |
| dc.description.degree | Master's | |
| dc.contributor.oralexamcommittee | 陳銘憲(Ming-Syan Chen),顏嗣鈞(Hsu-chun Yen),曾俊元(Tseung-Yuen Tseng),雷欽隆(Chin-Laung Lei) | |
| dc.subject.keyword | malware, static analysis, classification, | zh_TW |
| dc.subject.keyword | Android,Malware detection,static analysis,classification, | en |
| dc.relation.page | 45 | |
| dc.rights.note | Paid license | |
| dc.date.accepted | 2014-08-20 | |
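| dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
| dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
| Appears in department: | Department of Electrical Engineering | |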
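
Files in this item:
| File | Size | Format | |
|---|---|---|---|
| ntu-103-1.pdf (not authorized for public access) | 559.98 kB | Adobe PDF |

Documents in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically stated otherwise.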
