中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/77660
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 43441202      Online Users : 1618
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/77660


    Title: 結合靜態權限及動態封包分析以提升Android惡意程式偵測效能之研究;Combining Static Permissions and Dynamic Packet Analysis to Improve Android Malware Detection Performance
    Authors: 熊永菁;Shyong, Yung-Ching
    Contributors: 資訊管理學系
    Keywords: 動態分析;Android;惡意程式分類;網路封包;應用程式權限;Dynamic analysis;Android;malware classification;network packet;application permission
    Date: 2018-07-31
    Issue Date: 2018-08-31 14:51:58 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 現今Android智慧行動裝置普及,成為惡意程式開發者的主要攻擊目標,如何將行動惡意程式進行偵測及防範已成為一大資安議題。同時,行動應用程式的網路流量成長快速,使得將網路封包作為資料集來檢測行動惡意軟體的可行性也提高。然而動態分析具有蒐集資料耗時的缺點,且過去文獻僅從網路封包中提取單一種類協定特徵,此外,僅將應用程式判斷是否為惡意是不夠的。基於此,本研究提出一個結合靜態權限及動態封包分析的Android惡意程式分析系統,先以靜態分析方式,透過應用程式的宣告資訊權限過濾掉良性應用程式,避免過多的資料蒐集時間,並從惡意程式網路流量提取多種類特徵,提升偵測效果同時降低誤判率,最後進行惡意程式家族分類,由於同個惡意家族下的應用程式具有類似的惡意行為,此分類方式能提供資安人員足夠資訊來建立防範策略。經實驗證實,靜、動態模型準確度分別為98.96%及95.6%,其中網路封包動態分析,高於惡意家族分類的94.33%準確度。以測試資料驗證系統整體效能上,準確率為89.1%,然而本實驗證實在動態分析的資料蒐集時間上有大幅改善,僅47.5%的應用程式需進行五分鐘的動態網路封包蒐集。;The popularity of Android smart mobile devices has become the main target of malware developers. How to detect and prevent mobile malware has become a major issue. At the same time, the mobile application′s network traffic has grown rapidly, making it more feasible to use network packets as a data set to detect malicious applications. However, dynamic analysis has the disadvantage of collecting data and taking time, and the past literature only extracts a single kind of agreement feature from the network packet. In addition, it is not enough to distinguish application into malicious or benign. Based on this, this study proposes an Android malware analysis system combining static permissions and dynamic packet analysis. Firstly, static analysis is used to filter out benign applications through the application′s announcement information permission, avoiding excessive data collection time and maliciously. The program network traffic extracts multiple types of features, improves the detection effect and reduces the false positive rate. Finally, the malware family is classified. Since the application under the same malicious family has similar malicious behavior, this classification method can provide sufficient information for the security personnel. To establish a prevention strategy. The experimental results show that the accuracy of static and dynamic models are 98.96% and 95.6%, respectively, and the dynamic analysis of network packets is higher than the accuracy of 94.33% of malicious family classification. Using the test data to verify the overall performance of the system, the accuracy rate was 89.1%. However, this experiment confirmed that the data collection time of the dynamic analysis was greatly improved, and only 47.5% of the applications required a five-minute dynamic network packet collection.
    Appears in Collections:[Graduate Institute of Information Management] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML240View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明