
Computer Engineering

• Security Technology •

Android Repackaged Application Detection Based on Function Call Graph

WU Xingru, HE Yongzhong

  1. (School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China)
  • Received: 2016-08-31 Online: 2017-11-15 Published: 2017-11-15
  • About the authors: WU Xingru (born 1992), female, master's student, main research interests: mobile security and information system security; HE Yongzhong, associate professor, Ph.D.
  • Funding:
    National Natural Science Foundation of China (61402035).

Abstract: To address the growing number of repackaged applications in third-party Android application markets, this paper proposes a method for detecting repackaged Android applications using function call graphs. The method decompiles the application, extracts and analyzes the Smali code to generate a function call graph, and processes the graph using the operation codes in each function as node attributes, which filters out third-party libraries while retaining the Application Program Interfaces (APIs) related to the user interface. On this basis, it represents the function call graph with Motif subgraph structures and computes the similarity of applications from the similarity of their subgraphs, so as to determine whether an application is repackaged. Detection results on 1 630 applications from the market show that the method has high accuracy and good scalability.

Key words: Android system, repackaged application, function call graph, similarity, subgraph
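The pipeline the abstract outlines (Smali to call graph, opcodes as node attributes, motif-based similarity) can be sketched as follows. This is an added example, not the authors' implementation: the two motif shapes, the opcode-string labelling, the multiset Jaccard measure and the Smali samples are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from itertools import combinations
INVOKE = re.compile(r"^invoke-\S+\s+\{[^}]*\},\s*(\S+)")

def parse(smali):  # -> (call edges, {app method: its opcode mnemonics})
    edges, ops, cls, cur = set(), defaultdict(list), "", None
    for line in map(str.strip, smali.splitlines()):
        if line.startswith(".class "):
            cls = line.split()[-1]
        elif line.startswith(".method "):
            cur = cls + "->" + line.split()[-1]
        elif cur and line and line[0] not in ".#:":   # an instruction line
            ops[cur].append(line.split()[0])          # keep mnemonic, drop names
            if m := INVOKE.match(line):
                edges.add((cur, m.group(1)))
    return edges, {k: " ".join(v) for k, v in ops.items()}

def motifs(smali):  # chain and fan-out motifs, keyed by node attributes
    edges, ops = parse(smali)
    lab = lambda n: ops.get(n, n)  # app method: opcodes; framework API: name
    out, found = defaultdict(set), Counter()
    for a, b in edges: out[a].add(b)
    for a, b in edges:
        for c in out.get(b, set()) - {a}:
            found["chain", lab(a), lab(b), lab(c)] += 1
    for n, nbrs in out.items():
        for p, q in combinations(sorted(map(lab, nbrs)), 2):
            found["fan-out", lab(n), p, q] += 1
    return found

def similarity(x, y):  # multiset Jaccard over motif counts (assumed measure)
    a, b = motifs(x), motifs(y)
    return sum((a & b).values()) / max(1, sum((a | b).values()))
# Constructed samples: an app, and a payload class a repackager might add.
ORIG = """.class public Lcom/shop/Main;
.method public onCreate(Landroid/os/Bundle;)V
  invoke-direct {p0}, Lcom/shop/Main;->load()V
  invoke-virtual {p0, v0}, Landroid/app/Activity;->setContentView(I)V
.end method
.method private load()V
  invoke-static {}, Ljava/lang/System;->gc()V
.end method"""
EXTRA = """.class public La/Ad;
.method public onReceive()V
  invoke-static {}, Lad/Sdk;->init()V
  invoke-static {}, Lad/Sdk;->show()V
.end method"""
REPACK = ORIG.replace("com/shop/Main", "a/a").replace("load", "b") + "\n" + EXTRA
```

Because app-defined methods are labelled by their opcode mnemonics rather than their names, renaming classes and methods leaves the motif counts unchanged, and the added payload class lowers the score only by the one motif it contributes.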
