Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications

被引：6

作者：

Titze, Dennis ^{[1
]}

Lux, Michael ^{[1
]}

Schuette, Julian ^{[1
]}

机构：

[1] Fraunhofer Inst Appl & Integrated Secur AISEC, Garching, Germany

来源：

2017 16TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS / 11TH IEEE INTERNATIONAL CONFERENCE ON BIG DATA SCIENCE AND ENGINEERING / 14TH IEEE INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS | 2017年

关键词：

D O I：

10.1109/Trustcom/BigDataSE/ICESS.2017.292

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Android apps often include libraries supporting certain features, or allowing rapid app development. Due to Android's system design, libraries are not easily distinguishable from the app's core code. But detecting libraries in apps is needed especially in app analysis, e.g., to determine if functionality is executed in the app, or in the code of the library. Previous approaches detected libraries in ways which are susceptible to code obfuscation. For some approaches, even simple obfuscation will cause unrecognised libraries. Our approach - Ordol - builds upon approaches from plagiarism detection to detect a specific library version inside an app in an obfuscation-resilient manner. We show that Ordol can cope well with obfuscated code and can be easily applied to real life apps.

引用

页码：618 / 625

页数：8

共 17 条

[1]

AppTornado, 2017, APPBRAIN ANDR LIB ST

[2] Reliable Third-Party Library Detection in Android and its Security Applications [J].

Backes, Michael ;

Bugiel, Sven ;

Derr, Erik .

CCS'16: PROCEEDINGS OF THE 2016 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2016, :356-367

[3]

Book T., 2013, CORR, Vabs/1303.0857

[4]

Crussell J., 2012, ATTACK CLONES DETECT, P37

[5]

Duan R., 2012, P 23 ANN ACM SIAM S, P1413, DOI DOI 10.1137/1.9781611973099.111

[6]

Grace M. C., 2012, 5 ACM C SEC PRIV WIR, P101

[7]

Hanna Steve, 2013, Detection of Intrusions and Malware, and Vulnerability Assessment. 9th International Conference, DIMVA 2012. Revised Selected Papers, P62, DOI 10.1007/978-3-642-37300-8_4

[8]

HaoyuWang Yao Guo, 2015, P 2015 INT S SOFTW T, P71, DOI 10.1145/2771783.2771795

[9] A method for detecting the theft of Java']Java programs through analysis of the control flow information [J].

Lim, Hyun-il ;

Park, Heewan ;

Choi, Seokwoo ;

Han, Taisook .

INFORMATION AND SOFTWARE TECHNOLOGY, 2009, 51 (09) :1338-1350

[10]

Ma Z., 2017, TOP LIB

← 1 2 →