| Graduate student: | 張櫻瀞 Ying-Ching Chang |
|---|---|
| Thesis title: | 整合注意力機制與圖像化操作碼之 Android 惡意程式分析研究 Using Attention Mechanism and Visualization of Opcode Sequences for Android Malware Detection |
| Advisor: | 陳奕明 Yi-Ming Chen |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Management - Department of Information Management |
| Year of publication: | 2019 |
| Academic year of graduation: | 107 |
| Language: | Chinese |
| Number of pages: | 79 |
| Chinese keywords: | 注意力機制, 資料擴增, 靜態分析, 深度學習, Android |
| Foreign-language keywords: | Attention mechanism, Data augmentation, Static analysis, Deep learning, Android |
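Mobile devices are now ubiquitous, and malware is growing correspondingly faster. How to analyze large volumes of malware quickly and efficiently, while also improving the recognition rate for malware families with few samples, is a topic of current concern to researchers. Existing malware analysis methods can be divided into static and dynamic analysis; this thesis uses static analysis. Unlike existing research, this study examines how well existing image techniques perform when applied to Android malware analysis: it converts opcodes into images and applies the attention mechanism (Attention) and data augmentation (Data Augmentation) in this field. The attention mechanism is inspired by biology: when the human brain recognizes text or images, it focuses on the part it currently considers most important and bases its judgment on that part. This study uses it to improve the accuracy of existing convolutional neural networks in classifying malicious applications. Data augmentation is widely used in the image field to address the problem of datasets too small for deep learning to learn from. Taking advantage of the opcodes having been converted into images, this thesis horizontally flips the images of malware families with few samples, thereby augmenting the original dataset. This study confirms that the attention mechanism effectively improves the accuracy of convolutional neural networks by 1.99%, and shows that data augmentation by horizontal flipping improves results by at least 3.6% for the opcode images of most malware families.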
With the popularity of mobile devices, malware is growing faster and faster. How to quickly and efficiently analyze large amounts of malware, and at the same time improve the recognition rate for malicious families with few samples, has become a topic of concern for scholars today. The existing methods of analyzing malware can be divided into static and dynamic analysis, and this paper chooses static analysis as the basis of research. Unlike existing research, this study explores the effectiveness of existing image technology in the field of Android malware analysis. We turn the opcode into an image and use attention mechanisms and Data Augmentation in this area. The attention mechanism is inspired by biology: when the human brain recognizes words or images, it sees the more important parts and makes judgments on those parts. In view of this, this study uses the attention mechanism to improve the accuracy of existing convolutional neural networks in classifying malicious applications. Data Augmentation is widely used to solve the problem that the amount of data in the image field is too small, which makes it difficult for deep learning to learn. This study takes advantage of the opcode having been converted into an image to horizontally flip the images of malicious families with few samples, thereby enlarging the original data set. We demonstrate that the use of attention mechanisms improves accuracy by 1.99% compared to convolutional neural networks, and also demonstrate that horizontal flipping as Data Augmentation can improve accuracy by 3.6% for most malicious families’ opcode images.