| Graduate student: | 廖舶凱 Po-Kai Liao |
|---|---|
| Thesis title: | Efficient Net結合自動編碼器壓縮模型之Android惡意程式偵測研究 (Efficient Net combined with autoencoder compression model for Android malware detection) |
| Advisor: | 陳奕明 |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Management - Department of Information Management |
| Year of publication: | 2020 |
| Academic year of graduation: | 108 |
| Language: | Chinese |
| Number of pages: | 73 |
| Keywords (Chinese): | Efficient Net, Autoencoder, static analysis, deep learning, Android |
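Mobile devices are now ubiquitous and the market share of the Android operating system keeps rising, so Android malware is growing ever faster; how to detect malware accurately and quickly is an important issue. This thesis is based on static analysis and applies currently popular image techniques to the field of Android malware detection. Unlike existing research, this study aims to design an effective classification model that solves the problem of lengthy model training time in malware analysis. Existing image-based malware studies mostly use VGG Net as the classifier and take a long time to train. This study combines an autoencoder with a deep convolutional neural network (CNN) from the image domain and applies them to malware analysis, aiming to shorten training time while achieving good accuracy. Through its convolutional layers, the autoencoder extracts features from the input image and obtains a lower-dimensional vector; this process can be regarded as an image compression technique that extracts important information and discards unneeded image features. Efficient Net, a deep convolutional model in today's image domain, uses more convolutional layers to capture finer details of an image, and its residual network architecture reduces the problem of network degradation. This study adopts a convolutional autoencoder and confirms that it can extract malware features and shrink the dimensionality of the dataset, reducing training time; with Efficient Net as the classifier and accuracy unchanged, training time is shortened by 75% to 80%, to about 500 seconds.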
With the popularity of mobile devices today and the increasing market share of the Android operating system, Android malware is growing faster and faster. How to detect malware accurately and quickly is an important issue. This thesis is based on static analysis and applies today's popular image techniques to the field of Android malware detection. Unlike existing research, the goal of this study is to design an effective classification model that solves the problem of lengthy training time and can also improve accuracy. Most existing image-based malware studies use VGG Net as the classifier and take a long time to train. This study combines an autoencoder with the deep convolutional neural network used in the image field and applies them to malware analysis, aiming to shorten training time and achieve good accuracy. An autoencoder can extract features from an input picture through its convolutional layers to obtain a lower-dimensional vector. This process can be regarded as an image compression technique that reduces the dimension by extracting important information and discarding unnecessary image features. In today's image field, the deep convolutional model Efficient Net uses more convolutional layers to obtain more detailed features of a picture, plus a residual network architecture to reduce the problem of network degradation. This study uses a convolutional autoencoder and shows that it can extract malware features to reduce the dimension of the data set and reduce training time. Under the premise of using different data sets and unchanged accuracy, training time is shortened to about 500 seconds.