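Abstract
Correctly classifying and filtering common code libraries can effectively improve the detection success rate for repackaged Android applications. However, the classification features and rules used by existing common-library detection methods lead to low detection efficiency and cannot meet the needs of large-scale app markets. To address this problem, a structural-similarity-based method for detecting common code libraries in Android is proposed. It relies on the PDG (program dependency graph) to parse decompiled application installation packages and extract weakly associated sub-packages, uses package structure similarity and code-file call information as features, and classifies common libraries through package filtering at two levels of granularity, coarse and fine. Experimental results on a dataset from real-world app markets show that the method improves analysis speed while maintaining the detection rate and false positive rate for common code libraries, and that it is highly scalable.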
The correct classifying and filtering of common libraries in Android applications can effectively improve the accuracy of repackaged application detection. However, the existing common library detection methods barely meet the requirement of large-scale app markets due to the low detection speed caused by their classification rules. Aiming at this problem, a structural similarity based common library detection method for Android is presented. The sub-packages with weak association to main package are extracted as common library candidates from the decompiled APK (Android application package) by using PDG (program dependency graph) method. With package structures and API calls being used as features, the classifying of those candidates is accomplished through coarse and fine-grained filtering. The experimental results by using real-world applications as dataset show that the detection speed of the present method is higher while the accuracy and false positive rate are both ensured. The method is proved to be efficient and precise.
Authors
慕志颖
李智虎
李晓宇
MU Zhiying; LI Zhihu; LI Xiaoyu (School of Cybersecurity, Northwestern Polytechnical University, Xi'an 710072, China; China Electric Power Research Institute Co., Ltd, Beijing 100192, China)
Source
Journal of Northwestern Polytechnical University (《西北工业大学学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2021, Issue 2, pp. 448-453 (6 pages)
Funding
Supported by the National Natural Science Foundation of China (61672433, 62074131)
and the National Cryptography Development Fund (MMJJ20170210).
Keywords
Android
malicious applications
repackaging
common library
malware
piggybacked