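   The electronic thesis has not yet been authorized for public release; for the print copy, please check the library catalogue.
(※ If the record cannot be found, or the holding status shows "closed stacks, not public", the thesis is not in the stacks and cannot be accessed.)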
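System ID U0026-1102201902083500
Thesis title (Chinese) 基於深度學習的網路威脅異常分析
Thesis title (English) Deep learning based anomaly analysis in cyber threats
University National Cheng Kung University
Department (Chinese) Department of Computer Science and Information Engineering
Department (English) Institute of Computer Science and Information Engineering
Academic year 107
Semester 1
Year of publication 108
Graduate student (Chinese) 黃獻德
Graduate student (English) Hsien-De Huang
E-mail TonTon@TWMAN.ORG
Student ID p78991244
Degree Doctoral
Language English
Number of pages 65
Oral defense committee Advisor - 高宏宇
Committee member - 黃瓊瑩
Committee member - 吳德威
Convener - 謝孫源
Committee member - 李育杰
Committee member - 李家岩
Committee member - 黃仁暐
Keywords (Chinese) Deep Learning  Android Malware Analysis  Sentiment Analysis  Social Opinion Analysis  Recommendation System
Keywords (English) Deep Learning  Android Malware Analysis  Sentiment Analysis  Social Opinion Analysis  Pop-ups Recommendation
Subject classification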
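Chinese abstract In the online world, several phenomena in recent years deserve attention. The first concerns the use of smartphones and apps: smartphones have become indispensable in daily life, and Android has become the most popular smartphone operating system because of its openness; however, that same openness makes it very easy for malware to spread and infect Android devices. Push notifications from Android applications (apps) are a powerful tool for maintaining the relationship between users and apps, but we cannot ignore Android security or the nuisance caused by notification-bar pop-ups. The second is the economic problem created by cryptocurrencies: social networking sites are flooded with cryptocurrency-related information, and the risks and fraud behind it have led countries including the United States, South Korea and China to issue warnings and enact corresponding regulations, yet there is still no systematic method to help assess risk and fraud. In response to these two phenomena, this study proposes a deep-learning-based method for anomaly analysis of cyber threats, using deep learning in image recognition and natural language processing to detect malicious behavior and fraud, and applies it to three areas: sentiment analysis of social opinion, Android malware detection, and a notification-bar pop-up recommendation system.

We first collect user comments from Facebook, Twitter and Telegram, then feed them into a sentiment analysis model for training; the model combines Long Short Term Memory (LSTM) and a Convolutional Neural Network (CNN), integrating sequence dependency and local features, with softmax and tanh respectively outputting two kinds of emotion in [-1, 1], where -1 denotes negative emotion and vice versa. For Android security, prioritizing performance and performing no feature preprocessing, we propose translating the bytecode of classes.dex, the Android Dalvik core, into color images by means of color and RGB color codes, then applying transfer learning with the Inception-v3 model and outputting whether the sample is detected as malware. Finally, to improve the click-through rate of in-app ads and the user retention rate, we used a Deep Neural Network (DNN) to develop a notification-bar pop-up recommendation system based on analyzing user behavior.

For validation, we partnered with Leopard Mobile Inc. (general agent for Cheetah Mobile in Taiwan) to collect real data and deploy our method in the partner's core products, including Security Master, RatingToken and Coin Master. Experiments show that this research can effectively reduce the risk of online fraud on social networking sites and of Android malware infection, and can accurately capture users' preferences and frequency in clicking push notifications/pop-ups, reducing the annoyance to users.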
English abstract In the world of the Internet, in recent years, there have been several phenomena worthy of attention. One is the use of smart phones and Android applications (apps). Smart phones are an indispensable part of people's daily lives, and Android has become the most popular smart phone operating system because of its openness. However, its openness makes malware very easy to spread and infect Android devices. Pop-ups for Android apps are a powerful tool for maintaining user and app relationships, but we can't ignore the security of Android and the nuisance caused by pop-ups in the notification bar. Second, the economic problems resulting in huge losses for victims and the economy caused by cryptocurrencies are serious. The social network websites are flooded with a lot of cryptocurrency related information, and the risks and frauds behind it have caused warnings in countries including the United States, South Korea, and China. Corresponding regulations have been formulated, but there is no systematic way to help judge risks and fraud. In order to cope with the above two phenomena, in this study, we propose a deep learning based anomaly analysis for cyber threats, using deep learning in image recognition and natural language processing to detect Android malicious behavior and fraud on the social network websites. We applied the method to Sentiment Analysis, Android Malware Detection, and Pop-ups Recommendation.

We first collect user comments from Facebook, Twitter, and Telegram. We then input the data into the sentiment analysis model built by the Long Short-Term Memory Network (LSTM) + Convolutional Neural Network (CNN) that integrates the sequence dependency and local features to train the model, using activation functions (softmax and tanh) to output [-1, 1] as emotions, where -1 means negative emotions and vice versa. On the other hand, for the security problem of Android, in the case of taking performance as a priority without feature engineering, we propose to translate the bytecode of Android's Dalvik core classes.dex into color images by color and RGB color code. Then, we apply Transfer Learning with the Inception-v3 model and output the results of its detection of malware. Finally, in order to improve the click-through rate and user retention rate of app-side ads, we developed a pop-up recommendation system for analyzing user behavior through the Deep Neural Network (DNN).

For validation, we partnered with Leopard Mobile Inc. (Cheetah Mobile Taiwan Agency) to collect real data and deploy our approach to our partners' core products, including Security Master, Clean Master, RatingToken and Coin Master. The experiment proves that our research can effectively reduce the risk of online fraud on social network sites and of Android malware infection, and can accurately understand the preference and frequency of users clicking push notifications/pop-ups, reducing the trouble for users.
Table of contents Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
Chapter 1. Introduction
1.1 Sentiment Analysis
1.2 Android Malware Detection
1.3 Pop-ups Recommendation
Chapter 2. Related Work
2.1 Deep Learning
2.2 Sentiment Analysis
2.3 Android Malware Analysis
2.3.1. The Background of Android Malware Analysis
2.3.2. Machine Learning-based Malware Detection
2.3.3. Deep Learning-based Malware Detection
2.4 Recommendation System
Chapter 3. Sentiment Analysis
3.1 Our Proposed Methodology: SOC
3.2 Experimental Results and Discussion
Chapter 4. Android Malware and Smart Contract Detection
4.1 Our Proposed Mechanism: R2-D2
4.2 Experimental Results and Discussion
Chapter 5. Pop-ups Recommendation
5.1 Our Proposed System: C-3PO
5.2 Experimental Results and Discussion
Chapter 6. Conclusion
References
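Full-text usage rights
  • Authorized for on-campus browsing/printing of the electronic full text, public from 2021-06-03.
  • Authorized for off-campus browsing/printing of the electronic full text, public from 2021-06-03.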