Article: 2021, Vol. 39, Issue (2): 448-453
Cite this article:
MU Zhiying, LI Zhihu, LI Xiaoyu. Structural similarity based common library detection method for Android[J]. Journal of Northwestern Polytechnical University

Structural similarity based common library detection method for Android
MU Zhiying1, LI Zhihu2, LI Xiaoyu1
1. School of Cybersecurity, Northwestern Polytechnical University, Xi'an 710072, China;
2. China Electric Power Research Institute Co., Ltd, Beijing 100192, China
Abstract:
Correctly classifying and filtering common code libraries in Android applications can effectively improve the success rate of repackaged application detection. However, the classification features and rules used by existing common library detection methods lead to low detection efficiency, so these methods cannot meet the needs of large-scale app markets. To address this problem, a structural similarity based common library detection method for Android is presented. The decompiled APK (Android application package) is analyzed with the PDG (program dependency graph) method, and the sub-packages weakly associated with the main package are extracted as common library candidates. With package structure similarity and the call information of code files (API calls) used as features, the candidates are classified through two levels of package filtering, coarse-grained and fine-grained. Experimental results on a dataset of real-world app market applications show that the method raises analysis speed while the detection rate and false positive rate for common libraries are both ensured. The method is shown to be efficient, precise and highly scalable.
Key words:    Android    malware    repackaging (piggybacked)    common library
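Received: 2020-04-12     Revised:
DOI: 10.1051/jnwpu/20213920448
Funding: Supported by the National Natural Science Foundation of China (61672433, 62074131) and the National Cryptography Development Fund (MMJJ20170210)
Corresponding author: LI Xiaoyu (1980-), assistant researcher at Northwestern Polytechnical University, mainly engaged in research on network and information security. E-mail: lixiaoyu@nwpu.edu.cn
About the author: MU Zhiying (1994-), female, Ph.D. candidate at Northwestern Polytechnical University, mainly engaged in research on network information security and mobile application security.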