Dynamic Loading Vulnerability Detection for Android Applications Through Ensemble Learning

YANG Tianchang; CUI Haoliang; NIU Shaozhang

doi:10.1049/cje.2017.07.001

Volume 26 Issue 5

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2017 > 26(5): 960-965

YANG Tianchang, CUI Haoliang, NIU Shaozhang. Dynamic Loading Vulnerability Detection for Android Applications Through Ensemble Learning[J]. Chinese Journal of Electronics, 2017, 26(5): 960-965. doi: 10.1049/cje.2017.07.001

Citation:

YANG Tianchang, CUI Haoliang, NIU Shaozhang. Dynamic Loading Vulnerability Detection for Android Applications Through Ensemble Learning[J]. Chinese Journal of Electronics, 2017, 26(5): 960-965. doi: 10.1049/cje.2017.07.001

Citation:

PDF( 322 KB)

Dynamic Loading Vulnerability Detection for Android Applications Through Ensemble Learning

doi: 10.1049/cje.2017.07.001

Beijing Key Lab of Intelligent Telecommunication Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing 100876, China

Funds: This work is supported by The National Natural Science Foundation of China (No.61370195, No.U1536121).

More Information

Corresponding author: NIU Shaozhang (corresponding author) was born in 1963, he is a professor of School of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China. His research interests include steganography, digital forensics and information security. (Email:szniu@bupt.edu.cn)
Received Date: 2017-01-09
Rev Recd Date: 2017-01-26
Publish Date: 2017-09-10

Abstract

Abstract

Valid authentication and security protection measures are not provided for external code and resources executed by dynamic loading technology during the runtime in Android. In this paper, a new method of detecting vulnerabilities related to dynamic loading technology is proposed. Two phases are included in the detection process. Static analysis phase determines the location information of the loading point and extracts the feature vector for each loading procedure. Identification phase classifies the extracted feature vector by means of constructed multilabel classification ensemble learning algorithm. According to the examination result on 4464 Android applications, 37.8% of all applications use the dynamic loading technology, and more than 12% of total test applications are detected with related security deficiencies. Experimental result shows that the detection method can detect vulnerabilities of dynamic loading effectively and is more comprehensive.
- Dynamic loading,
- Android application,
- Vulnerability,
- Ensemble learning

FullText(HTML)

References(17)

References

D. Maier, M. Protsenko and T. Müller, "A game of Droid and Mouse:The threat of split-personality malware on Android", Computers & Security, Vol.54, pp.2-15, 2015.

S. Poeplau, Y. Fratantonio, A. Bianchi, et al., "Execute this! Analyzing unsafe and malicious dynamic code loading in android applications", Proceedings 2014 Network and Distributed System Security Symposium, San Diego, California, USA, pp.23-26, 2014.

M. Grace, Y. Zhou, Q. Zhang, et al., "RiskRanker:Scalable and accurate zero-day android malware detection", MobiSys'12 Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, Ambleside, UK, pp.281-294, 2012.

L. Batyuk, M. Herpich, S.A. Camtepe, et al., "Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications", MALWARE'11 Proceedings of the 20116th International Conference on Malicious and Unwanted Software, pp.66-72, 2011.

W. Enck, P. Gilbert, S. Han, et al., "TaintDroid:An information-flow tracking system for realtime privacy monitoring on smartphones", ACM Transactions on Computer Systems, Vol.32, No.2, pp.393-407, 2014.

J. Sahs and L. Khan, "A machine learning approach to android malware detection", 2012 European Intelligence and Security Informatics Conference, Odense, Denmark, pp.141-147, 2012.

Min Zhao, Fangbin Ge, Tao Zhang, et al., "AntiMalDroid:An efficient SVM-based malware detection framework for android", Information Computing and Applications, Vol.243, pp.158-166, 2011.

M.C. Grace, W. Zhou, X. Jiang, et al., "Unsafe exposure analysis of mobile in-app advertisements", ACM Conference on Security and Privacy in Wireless and Mobile Networks, Tucson, Arizona, USA, pp.101-112, 2012.

T. Kwon and Z. Su, "Automatic detection of unsafe dynamic component loadings", IEEE Transactions on Software Engineering, Vol.38, No.2, pp.293-313, 2012.

W. Hu, D. Octeau, P.D. Mcdaniel, et al., "Duet:library integrity verification for android applications", ACM Conference on Security and Privacy in Wireless & Mobile Networks, Oxford, UK, pp.141-152, 2014.

B. Min and V. Varadharajan, "Secure dynamic software loading and execution using cross component verification", IEEE/IFIP International Conference on Dependable Systems and Networks, Rio de Janeiro, Brazil, pp.113-124, 2015.

T. Luo, H. Hao, W. Du, et al., "Attacks on WebView in the android system", Twenty-Seventh Computer Security Applications Conference, Orlando, USA, pp.343-352, 2011.

W. Zheng, C. Wang, Z. Liu, et al., "A multi-label classification algorithm based on random walk model", Chinese Journal of Computers, Vol.33, No.8, pp.1418-1426, 2010.

G. Tsoumakas and I. Katakis, "Multi-label classification:An overview", International Journal of Data Warehousing & Mining, Vol.3, No.3, pp.1-13, 2009.

Fu Zhongliang, "Cost-sensitive ensemble learning algorithm for multi-label classification problems", Acta Automatica Sinica, Vol.40, No.6, pp.1075-1085, 2011. (in Chinese)

Anthony Desnos, "androguard", https://github.com/androguard/androguard/, 2015-6-12.

Technische Universität Braunschweig, "The drebin dataset", https://www.sec.cs.tu-bs.de/~danarp/drebin/index.html, 2015-3-9.

Relative Articles

Supplements(0)

Cited By

Proportional views