Android: Static Analysis Using Similarity Distance
暂无分享,去创建一个
As Android applications become increasingly ubiquitous, we need algorithms and tools to protect applications from product tampering and piracy, while facilitating valid product updates. Since it is easy to derive Java source code from Android byte code, Android applications are particularly vulnerable to tampering. This paper presents an algorithm, based on a customized similarity distance, which returns a value between 0 and 1, which can serve as a change indicator. Potential applications of the algorithm include 1) to determine if obfuscators, applied by developers, are protecting their code from piracy, 2) to determine if an Android application is infected with malware, facilitating the automatic extraction of the injected malware, and 3) to identify valid code updates and releases as part of the code release cycle.
[1] Yang Xiang,et al. Classification of malware using structured control flow , 2010 .
[2] Paul M. B. Vitányi,et al. Clustering by compression , 2003, IEEE Transactions on Information Theory.
[3] Laurie J. Hendren,et al. Programmer-friendly Decompiled Java , 2006, 14th IEEE International Conference on Program Comprehension (ICPC'06).