Android Malware Analysis Based on System Call sequences and Attention-LSTM
Master's === National Central University === Department of Information Management === 107 === With the popularity of Android mobile devices, detecting and protecting against malicious software has become an important issue. Previous studies have proposed that dynamic analysis can overcome detection-evasion problems such as code ob...
Main Authors: | Po-Yen Tseng, 曾博彥 |
---|---|
Other Authors: | Yi-Ming Chen |
Format: | Others |
Language: | zh-TW |
Published: | 2019 |
Online Access: | http://ndltd.ncl.edu.tw/handle/gdrth9 |
id |
ndltd-TW-107NCU05396088 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-107NCU05396088 2019-10-22T05:28:14Z http://ndltd.ncl.edu.tw/handle/gdrth9 Android Malware Analysis Based on System Call sequences and Attention-LSTM 基於系統呼叫序列與注意力LSTM模型偵測Android惡意軟體之研究 Po-Yen Tseng 曾博彥 Master's National Central University Department of Information Management 107 Yi-Ming Chen 陳奕明 2019 degree thesis ; thesis 61 zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others |
sources |
NDLTD |
description |
Master's === National Central University === Department of Information Management === 107 === With the popularity of Android mobile devices, detecting and protecting against malicious software has become an important issue. Previous studies have proposed that dynamic analysis can overcome detection-evasion problems such as code obfuscation. However, how to learn in more detail the correlations among the sequence-type features extracted by dynamic analysis, so as to improve the accuracy of the classification model, is the direction of many research efforts. This study extracts the system call sequence as a feature and learns the correlations between system calls through the Long Short-Term Memory (LSTM) deep learning model. In addition, to keep the classification accuracy of the model from dropping as the system call sequence grows longer, an attention mechanism is added to the classification model. The experimental results show that a deep neural network combining a two-layer Bi-LSTM architecture with the attention mechanism distinguishes benign from malicious programs with an accuracy of 93.5%, and that the more detailed classification of benign programs and two other malicious types reaches an accuracy of 93.1%, showing excellent classification ability.
|
author2 |
Yi-Ming Chen |
author |
Po-Yen Tseng 曾博彥 |
title |
Android Malware Analysis Based on System Call sequences and Attention-LSTM |
publishDate |
2019 |
url |
http://ndltd.ncl.edu.tw/handle/gdrth9 |