Computer Science (计算机科学) ›› 2019, Vol. 46 ›› Issue (5): 83-91. doi: 10.11896/j.issn.1002-137X.2019.05.013

• Information Security •

Collusion Behavior Detection Towards Android Third-party Libraries

ZHANG Jing, LI Rui-xuan, TANG Jun-wei, HAN Hong-mu, GU Xi-wu

  1. (School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China)
  • Received: 2018-10-01  Revised: 2018-12-02  Published: 2019-05-15
  • About the authors: ZHANG Jing (born 1994), female, master's student; main research interest: mobile security; E-mail: zhangjing94@hust.edu.cn. LI Rui-xuan (born 1974), male, Ph.D., professor, CCF Distinguished Member; main research interests: mobile security, system security, blockchain; E-mail: rxli@hust.edu.cn (corresponding author). TANG Jun-wei (born 1990), male, Ph.D. candidate; main research interest: mobile security. HAN Hong-mu (born 1980), male, Ph.D. candidate; main research interest: mobile security. GU Xi-wu (born 1967), male, master's student; main research interest: mobile security.
  • Funding:
    National Key R&D Program of China (2016YFB0800402, 2016QY01W0202), National Natural Science Foundation of China (U1836204, 61572221, 61433006, U1401258, 61502185), Major Project of the National Social Science Fund of China (16ZDA0092), and the Guangxi Higher Education High-level Innovation Team: Digital ASEAN Cloud Big Data Security and Mining Technology Innovation Team.

Abstract: Third-party libraries are an important part of Android applications; application developers often introduce third-party libraries with specific functions for rapid development. Concerning the collusion risk present in Android third-party libraries, this paper studies collusion behavior detection for Android third-party libraries. Android third-party libraries and the applications that host them belong to different interest parties, so communication behaviors hidden in third-party libraries can be regarded as a special case of application collusion; they likewise lead to malicious behaviors such as privilege escalation, component hijacking and performance consumption, which can cause excessive system consumption and even trigger security threats. This paper systematically summarizes the results obtained by domestic and foreign researchers in this field in recent years, gives the definition of collusion used in the study, and analyzes the risks that collusion behavior in Android third-party libraries may pose. It then presents the design of the Android third-party library collusion behavior detection scheme in detail. On the 29 third-party libraries in the test set, the experiments show that the precision of the proposed design reaches 100%, the recall is 89.66% and the F-measure is 0.945. In addition, 1207 downloaded third-party libraries were analyzed, and the resource consumption caused by the non-sensitive-information collusion behavior of 41 well-known domestic third-party libraries was verified. Finally, the work is summarized and directions for future research are outlined.

Key words: Android third-party library, Sensitive path, Application collusion, Inter-component communication

CLC number: TP309