Security Analysis for Android Applications Using Sensitive Path Identification
Author:
Affiliation:

Clc Number:

Fund Project:

National Basic Research Program of China (973) (2014CB340702); National Natural Science Foundation of China (61272080, 91418202, 61403187)

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    Android system dominates the mobile operating systems at present. Compared with iOS system, Android system is more open and has lots of third-party markets with loose audit mechanism. Therefore, there are more malwares in Android platform. In this paper, an Android security analysis based on sensitive path identification, which includes the static analysis and machine learning methods, is presented. Firstly, since malicious behaviors in malwares have their trigger conditions, the definition of sensitive path is provided. Secondly, a method is proposed to generate the inter-component call graph based on APK files base in the fact that there are a lot of inter-component call relations in Android applications. Thirdly, since the sensitive paths cannot be directly used as features, a method is designed to abstract the sensitive paths. Finally, 493 applications APK files are collected from Android markets and the existing data sets, such as Google Play, Wandoujia and Drebin, to construct a benchmark. Experiments indicate that the proposed method has higher accuracy (97.97%) than the method based on API-feature (90.47%), and its precision, recall and F-measure are also better than API-feature method. Furthermore, the scale of the APK file has influence to the experiment results, especially in analyzing time (when the APK files are within 0-4MB, the average analyzing time is 89 seconds; and when the files become larger, the time increases significantly).

    Reference
    Related
    Cited by
Get Citation

缪小川,汪睿,许蕾,张卫丰,徐宝文.使用敏感路径识别方法分析安卓应用安全性.软件学报,2017,28(9):2248-2263

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:July 13,2016
  • Revised:November 10,2016
  • Adopted:
  • Online: September 02,2017
  • Published:
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063