Dynamic Loading Vulnerability Detection for Android Applications Through Ensemble Learning

Valid authentication and security protection measures are not provided for external code and resources executed by dynamic loading technology during the runtime in Android. In this paper, a new method of detecting vulnerabilities related to dynamic loading technology is proposed. Two phases are included in the detection process. Static analysis phase determines the location information of the loading point and extracts the feature vector for each loading procedure. Identification phase classifies the extracted feature vector by means of constructed multilabel classification ensemble learning algorithm. According to the examination result on 4464 Android applications, 37.8% of all applications use the dynamic loading technology, and more than 12% of total test applications are detected with related security deficiencies. Experimental result shows that the detection method can detect vulnerabilities of dynamic loading effectively and is more comprehensive.