Identify and Inspect Libraries in Android Applications

Libraries can become a liability for users' security. Existing studies show that libraries can be exploited to propagate malware: hackers use fake or modified libraries to execute malicious behaviours. Vetting library instances in applications is therefore desirable, but it is impeded by the absence of robust library detection and library vetting methods. This paper proposes a hybrid library detection method that combines a name-based method and a feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that uses frequent patterns to measure the degree of normality of library instances. Unlike existing methods, the abnormal library detection method does not rely on original library files. A ground-truth dataset consisting of 177 malicious applications with abnormal library instances and 81,317 benign apps is used to demonstrate the effectiveness of the proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection.
