| 王浩宇,郭耀,马子昂,陈向群.大规模移动应用第三方库自动检测和分类方法.软件学报,2017,28(6):1373-1388 |
| 大规模移动应用第三方库自动检测和分类方法 |
| Automated Detection and Classification of Third-Party Libraries in Large Scale Android Apps |
| 投稿时间:2016-05-08 修订日期:2016-09-09 |
| DOI:10.13328/j.cnki.jos.005221 |
| 中文关键词: Android 第三方库 广告库 移动应用 机器学习 |
| 英文关键词:Android third-party library advertisement library mobile apps machine learning |
| 基金项目:国家自然科学基金(61421061,61421091);国家高技术研究发展计划(863)(2015AA017202) |
|
| 摘要点击次数: 2123 |
| 全文下载次数: 1945 |
| 中文摘要: |
| 移动应用中,广泛使用第三方库来帮助开发和增强应用功能.很多关于移动应用分析以及访问控制的研究工作,需要在分析之前对第三方库进行检测、过滤或者对其进行功能分类.当前,大部分研究工作都以使用白名单的方式来检测第三方库或者对其功能进行分类.然而,通过白名单检测第三方库不完善且不准确,其原因包括:(1)第三方库的种类和数量很大;(2)常见的代码混淆或者第三方库伪装等技术使得白名单方法不能准确地识别第三方库.提出一种第三方库自动检测和分类方法,包括基于多级聚类技术准确识别第三方库以及基于机器学习对第三方库的功能进行准确分类.实验对超过130 000个Android应用进行分析,验证所提出方法的有效性.实验总共检测到4 916个不同的第三方库.在人工标记的数据集上,通过十折交叉验证,对第三方库分类的准确率达到84.28%.将训练好的分类器应用于全部4 916个检测到的第三方库,人工进行抽样验证的准确率达到75%. |
| 英文摘要: |
| Third-Party libraries are widely used in mobile applications such as Android apps. Much research on app analysis or access control needs to detect or classify third-party libraries first in order to provide accurate results. Most previous studies use a whitelist to identify third-party libraries and manually categorize them. However, it is impossible to build a complete whitelist of third-party libraries and classify them because:(1) there are too many of them; and (2) common techniques such as library obfuscation and library masquerading cannot be handled with a whitelist. In this paper, an automated approach is proposed to detect and classify frequently-used third-party libraries in Android apps. A multi-level clustering based method is presented to identify third-party libraries, and a machine learning based technique is applied to classify the libraries. Experiments on more than 130 000 apps show that 4 916 third-party libraries can be detected without prior knowledge. The classification result of 10-folds cross validation on sampled libraries is 84.28%. With the trained classifier, the proposed approach is able to classify more than 75% of the 4 916 libraries into six categories with an accuracy of 75%. |
|
HTML 下载PDF全文 查看/发表评论 下载PDF阅读器 |
