DMFF: Detection Malware by its Family Features


Bibliographic Details
Main Authors: Zhou, Jun-Da, 周俊達
Other Authors: Huang, Yu-Lun
Format: Others
Language: en_US
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/53626941465322630802
Description
Summary: Master's === National Chiao Tung University === Department of Electrical Engineering === 104 === The population of mobile users is growing rapidly, and people have become used to storing information on mobile devices, so the likelihood of attack is rising. Among mobile attacks, malware is the most common and causes great damage to mobile users. For example, a victim may suffer information leakage or monetary loss caused by Short Message Service (SMS) attacks. To improve the security of mobile devices, experts have proposed many methods for malware detection. The website, Datasets, defines four malware families to simplify the detection of malware. In this thesis, we design DMFF (Detecting Malware by its Family Features) to provide an automated tool for categorizing them. DMFF comprises four stages: Extracting Stage, Training Stage, Testing Stage, and Update & Retraining. The Extracting Stage extracts Permission and Service from an application configuration file. The Training Stage applies matrix computation to generate a system training model k for each malware family. DMFF uses the value k to detect malware and indicate its malicious behavior. The results are then forwarded to update the system model. To evaluate DMFF, four experiments involving 179 malware samples and 200 normal samples are designed to test the accuracy of applying only Permission, only Service, and the combination of both Permission and Service. The last experiment tests the accuracy of distinguishing benign applications from malware. With 97.42% accuracy in distinguishing benign applications from malware and 82% accuracy in categorizing malware, DMFF demonstrates its ability to detect malware and categorize it by its behavior.