Volume 39, Number 2, April 2021
Page(s): 448 - 453
Published online: 09 June 2021
Structural similarity based common library detection method for Android
School of Cybersecurity, Northwestern Polytechnical University, Xi'an 710072, China
2 China Electric Power Research Institute Co., Ltd, Beijing 100192, China
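Correctly classifying and filtering common libraries in Android applications can effectively improve the accuracy of repackaged application detection. However, existing common library detection methods barely meet the requirements of large-scale app markets because their classification rules make detection slow. To address this problem, a structural similarity based common library detection method for Android is presented. Sub-packages that are only weakly associated with the main package are extracted from the decompiled APK (Android application package) as common library candidates using the PDG (program dependency graph) method. With package structures and API calls used as features, the candidates are classified through coarse- and fine-grained filtering. Experimental results on a dataset of real-world applications show that the present method detects faster while accuracy and false positive rate are both maintained. The method is shown to be efficient and precise.
Correct classification and filtering of common code libraries can effectively improve the detection success rate for repackaged Android applications. However, the classification features and rules used by existing common library detection methods lead to low detection efficiency and cannot meet the needs of large-scale app markets. To address this problem, a structural similarity based common code library detection method for Android is proposed. It relies on the PDG (program dependency graph) to parse the decompiled application installation package and extract weakly associated sub-packages, uses package structure similarity and code-file call information as features, and classifies common libraries through package filtering at two levels of granularity, coarse and fine. Experimental results on a dataset from real-world app markets show that the method improves analysis speed while maintaining the common code library detection rate and false positive rate, and that it is highly scalable.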
Key words: Android / malware / piggybacked / common library
Key words: Android / malicious application / repackaged / common library
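The two-stage filtering described in the abstract, as an added illustration that is not the paper's implementation. It assumes the candidate sub-packages have already been extracted, and the name-independent structure fingerprint, the Jaccard measures, the thresholds and all sample data are assumptions made for this example.

```python
from collections import Counter

def structure_fingerprint(class_paths):
    """Name-independent shape: multiset of (directory depth, classes in directory)."""
    per_dir = Counter(p.rsplit("/", 1)[0] if "/" in p else "" for p in class_paths)
    return Counter((d.count("/") + 1 if d else 0, n) for d, n in per_dir.items())

def multiset_jaccard(a, b):
    union = sum((a | b).values())
    return sum((a & b).values()) / union if union else 0.0

def set_jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0

def classify(candidate, library_db, coarse_t=0.6, fine_t=0.7):
    """Return (library name, API similarity) of the best match, or (None, 0.0)."""
    cand_fp = structure_fingerprint(candidate["classes"])
    best = (None, 0.0)
    for name, lib in library_db.items():
        # Coarse stage: cheap structural comparison rejects most references.
        if multiset_jaccard(cand_fp, structure_fingerprint(lib["classes"])) < coarse_t:
            continue
        # Fine stage: compare the framework API calls made by the code.
        score = set_jaccard(candidate["apis"], lib["apis"])
        if score >= fine_t and score > best[1]:
            best = (name, score)
    return best

# Constructed sample data (not from the paper).
ADS_APIS = {"android.webkit.WebView.loadUrl", "java.net.URL.openConnection",
            "android.content.Context.getPackageName",
            "android.telephony.TelephonyManager.getNetworkOperator"}
LIBRARY_DB = {
    "adsdk": {"classes": ["Core.class", "ui/Banner.class", "ui/Loader.class",
                          "ui/net/Http.class"], "apis": ADS_APIS},
    "jsonlib": {"classes": ["Reader.class", "Writer.class", "Token.class"],
                "apis": {"java.lang.StringBuilder.append", "java.io.Reader.read"}},
}
OBFUSCATED_SHAPE = ["c.class", "a/a.class", "a/b.class", "a/b/a.class"]
# Renamed copy of adsdk that makes one extra API call.
renamed_lib = {"classes": OBFUSCATED_SHAPE,
               "apis": ADS_APIS | {"android.util.Log.d"}}
# Same directory shape as adsdk but unrelated behaviour: passes coarse, fails fine.
lookalike = {"classes": OBFUSCATED_SHAPE,
             "apis": {"android.database.sqlite.SQLiteDatabase.query",
                      "java.net.URL.openConnection"}}

if __name__ == "__main__":
    print(classify(renamed_lib, LIBRARY_DB))
    print(classify(lookalike, LIBRARY_DB))
```

The lookalike case shows why the fine stage is needed: directory shape alone matches the reference library, and only the API comparison rejects it.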
© 2021 Journal of Northwestern Polytechnical University. All rights reserved.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.