%A YE Yi-lin, WU Li-fa and YAN Hui-ying
%T Two-layer Semantics-based Security Detection Approach for Android Native Libraries
%0 Journal Article
%D 2017
%J Computer Science
%R 10.11896/j.issn.1002-137X.2017.06.027
%P 161-167
%V 44
%N 6
%U {https://www.jsjkx.com/CN/abstract/article_718.shtml}
%8 2018-11-13
%X Native code is widely used in Android applications, giving attackers a new attack vector and raising growing security concerns. Existing Android malware detection approaches mainly focus on analyzing Java code or the Dalvik code compiled from Java code, ignoring the native code used in Android applications. To combat this emerging threat, this paper proposed a novel two-layer semantics-based security detection method for Android native libraries. First, on the basis of native method call paths, the semantics of native methods in the Java layer are extracted by analyzing the data dependence between native methods and Java methods and the type of the entry points of native method call paths. For the semantics of native code in the native layer, five kinds of suspicious behaviors are defined: data uploading, data downloading, reading or writing in sensitive system paths, sensitive strings, and suspicious calling of Java methods. IDA Pro and IDA Python are used to analyze these native code behaviors. Experiments were carried out using the open source machine learning tool Weka with 5336 benign Android applications and 3426 Android malware samples; the results show that the best accuracy reaches 92.4%. This proves that our method can effectively detect the security of native libraries used in Android applications.