| With the rapid development of mobile Internet and the popularization of smartphone in life,the number of mobile application is rapidly increasing.At the same time,the number of malicious application and pirated application shows explosive growth.In order to reap unscrupulous profit,black-product practitioners illegally modify official genuine applications.They repackage applications and submit to APP store,inducing uninformed users to download and install,leading to information disclosure and other issues occur frequently.Finally they undermine the interests of user,developer and APP store.From regulatory,developer and app store's perspectives,the need for relevance between applications,especially repackaging,plagiarism incidents is urgent to solve.And it needs in-depth analysis of security issues derived from related applications.Based on the above analysis,this paper has carried on the research and the design of the mobile Internet related application security analysis technology.The main work of this paper is as follows:(1)This paper proposes an Anti-obfuscation Android Application Similarity Detection Method Based on API Call.Currently,Android applications use confusion mechanisms to protect the code.Judging directly from the bytecode level exist a big bias in similarity detection.At the same time,extracting sequence of behavior from bytecode will result in higher complexity of the algorithm.The practical value is not high and it is difficult to complete high-volume task.To this end,this paper presents an Anti-obfuscation Android Application Similarity Detection Method Based on API Call.Firstly,extract referenced API set from DEX.Then count the number of referenced API after decompiling the application to build feature vector.Finally,calculate the application similarity through feature vector.Referenced API set is not interfered by code obfuscation technique so this method can resist code confusion.In addition,this method has higher detection efficiency than behavioral similarity detection due to the simpler extraction of API set.(2)This paper proposes Android related application security analysis technology based on behavior analysis.Based on the similarity detection of Android applications,this paper further contrasts the behavioral characteristics of the related applications.Compare the detection result to identify security issue and the type of infringement of the applications.This work can help developers gather evidence,protect their rights according to law.This work can auxiliary regulatory applications off the shelf,hold the relevant parties legal responsibility.(3)This paper develops an Android related application security analysis system.To verify the effectiveness of this method,this paper designs and implements an Android related application security analysis system.The technical solutions and overall design of the system are described in detail.It has carried on the detailed description to the design and the realization of each function module of the system.At last,start from similarity detection and security analysis to verify the availability and efficiency of the system.In the code obfuscation condition,the system test repackaged applications.Experimental result shows that this method can effectively improve the accuracy and detection efficiency of Android application similarity detection.System can effectively identify security issues and the type of infringement. |
PDF Full Text Request