| With the rapid development of mobile Internet,the use of mobile phones in people's lives is increasing,and the application of mobile phones is exploding.At the same time,there are a lot of counterfeit applications that are repackaged.For personal gain,malicious developers repackage applications,insert codes into legitimate applications,modify content and upload them to application stores,induce users to download and use them without knowing it,in order to steal users'advertising traffic and privacy information.Repackaged applications are prevalent in various application stores,which seriously threaten the security of users'mobile phones and privacy.Applying the repackaging detection technology to detect whether the application is repackaged or not,the code similarity outside the third-party library is removed by comparing the two applications.However,there are several problems in the existing repackaging detection technology.One is that the third party library is not removed enough,which leads to the low accuracy of repackaging detection.The other is that no specific analysis is made on the behavior of rep ac kaging.Based on the above problems,this paper studies and designs the behavior analysis system of Android re-packaged application,and implements the system development.The specific work of this paper is as follows:1.An Android third-party library identification method based on domain name extension information is proposed.Aiming at the problem that the existing identification methods of Android third-party libraries have insufficient ability to identify third-party libraries,this paper proposes an identification method of Android third-party libraries based on domain name extension information.Methods The domain name information of the third party library code was used as the identification feature of the third party library,and the domain name information was searched by search engine to enlarge and complete the domain name features.Methods The training classifier was used to classify the text of domain name extension information to realize the recognition of Android third-party library.Compared with the existing third-party library identification methods,the Android third-party library identification method based on domain name extension information has higher accuracy and recall rate,and can identify the third-party library with less use.2.An analysis method of Android repackaging behavior is proposed.Existing methods do not automatically analyze the type of repackaging behavior of the results of repackaging test.In this paper,a behavior analysis method of repackaging application is proposed.Methods The location of code modification was analyzed,including resource files,core codes and third party libraries,and whether sensitive privileges were added through code modification was automatically analyzed.3.Design and develop an Android Repackaged Application Analysis System.Aiming at the problem of time-consuming in large-scale application of existing detection methods,a new method of re-packaging detection for large-scale application is proposed.Firstly,a part of UI information is used to screen a large number of applications,and then the possible re-packaged application pairs are screened out in a coarse-grained way.Then,API calls are used to detect the preliminary screening results in a fine-grained way.Compared with traditional methods,this method has higher detection efficiency.In order to implement the proposed behavior analysis scheme for Android re-packaging,this paper designs and develops an application analysis system for Android re-packaging,and describes the technology and process of each module in detail.Finally,the feasibility,accuracy and efficiency of the system are verified by experiments.It verifies that the system can identify the third party library comprehensively,detect the behavior of repackaging efficiently,and analyze the intention of the behavior of repackaging. |
PDF Full Text Request