Identify and Inspect Libraries in Android Applications
Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the...
Ausführliche Beschreibung
Autor*in: |
Han, Hongmu [verfasserIn] |
---|
Format: |
Artikel |
---|---|
Sprache: |
Englisch |
Erschienen: |
2018 |
---|
Schlagwörter: |
---|
Anmerkung: |
© Springer Science+Business Media, LLC, part of Springer Nature 2018 |
---|
Übergeordnetes Werk: |
Enthalten in: Wireless personal communications - Springer US, 1994, 103(2018), 1 vom: 08. Feb., Seite 491-503 |
---|---|
Übergeordnetes Werk: |
volume:103 ; year:2018 ; number:1 ; day:08 ; month:02 ; pages:491-503 |
Links: |
---|
DOI / URN: |
10.1007/s11277-018-5456-4 |
---|
Katalog-ID: |
OLC2053822627 |
---|
LEADER | 01000caa a22002652 4500 | ||
---|---|---|---|
001 | OLC2053822627 | ||
003 | DE-627 | ||
005 | 20230504080130.0 | ||
007 | tu | ||
008 | 200819s2018 xx ||||| 00| ||eng c | ||
024 | 7 | |a 10.1007/s11277-018-5456-4 |2 doi | |
035 | |a (DE-627)OLC2053822627 | ||
035 | |a (DE-He213)s11277-018-5456-4-p | ||
040 | |a DE-627 |b ger |c DE-627 |e rakwb | ||
041 | |a eng | ||
082 | 0 | 4 | |a 620 |q VZ |
100 | 1 | |a Han, Hongmu |e verfasserin |0 (orcid)0000-0002-6909-5242 |4 aut | |
245 | 1 | 0 | |a Identify and Inspect Libraries in Android Applications |
264 | 1 | |c 2018 | |
336 | |a Text |b txt |2 rdacontent | ||
337 | |a ohne Hilfsmittel zu benutzen |b n |2 rdamedia | ||
338 | |a Band |b nc |2 rdacarrier | ||
500 | |a © Springer Science+Business Media, LLC, part of Springer Nature 2018 | ||
520 | |a Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. | ||
650 | 4 | |a Android apps | |
650 | 4 | |a Library detection | |
650 | 4 | |a Frequent pattern | |
650 | 4 | |a Abnormal library | |
650 | 4 | |a Malware | |
700 | 1 | |a Li, Ruixuan |4 aut | |
700 | 1 | |a Tang, Junwei |4 aut | |
773 | 0 | 8 | |i Enthalten in |t Wireless personal communications |d Springer US, 1994 |g 103(2018), 1 vom: 08. Feb., Seite 491-503 |w (DE-627)188950273 |w (DE-600)1287489-9 |w (DE-576)049958909 |x 0929-6212 |7 nnns |
773 | 1 | 8 | |g volume:103 |g year:2018 |g number:1 |g day:08 |g month:02 |g pages:491-503 |
856 | 4 | 1 | |u https://doi.org/10.1007/s11277-018-5456-4 |z lizenzpflichtig |3 Volltext |
912 | |a GBV_USEFLAG_A | ||
912 | |a SYSFLAG_A | ||
912 | |a GBV_OLC | ||
912 | |a SSG-OLC-MKW | ||
912 | |a GBV_ILN_70 | ||
951 | |a AR | ||
952 | |d 103 |j 2018 |e 1 |b 08 |c 02 |h 491-503 |
author_variant |
h h hh r l rl j t jt |
---|---|
matchkey_str |
article:09296212:2018----::dniynisetirreiadod |
hierarchy_sort_str |
2018 |
publishDate |
2018 |
allfields |
10.1007/s11277-018-5456-4 doi (DE-627)OLC2053822627 (DE-He213)s11277-018-5456-4-p DE-627 ger DE-627 rakwb eng 620 VZ Han, Hongmu verfasserin (orcid)0000-0002-6909-5242 aut Identify and Inspect Libraries in Android Applications 2018 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier © Springer Science+Business Media, LLC, part of Springer Nature 2018 Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. Android apps Library detection Frequent pattern Abnormal library Malware Li, Ruixuan aut Tang, Junwei aut Enthalten in Wireless personal communications Springer US, 1994 103(2018), 1 vom: 08. Feb., Seite 491-503 (DE-627)188950273 (DE-600)1287489-9 (DE-576)049958909 0929-6212 nnns volume:103 year:2018 number:1 day:08 month:02 pages:491-503 https://doi.org/10.1007/s11277-018-5456-4 lizenzpflichtig Volltext GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-MKW GBV_ILN_70 AR 103 2018 1 08 02 491-503 |
spelling |
10.1007/s11277-018-5456-4 doi (DE-627)OLC2053822627 (DE-He213)s11277-018-5456-4-p DE-627 ger DE-627 rakwb eng 620 VZ Han, Hongmu verfasserin (orcid)0000-0002-6909-5242 aut Identify and Inspect Libraries in Android Applications 2018 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier © Springer Science+Business Media, LLC, part of Springer Nature 2018 Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. Android apps Library detection Frequent pattern Abnormal library Malware Li, Ruixuan aut Tang, Junwei aut Enthalten in Wireless personal communications Springer US, 1994 103(2018), 1 vom: 08. Feb., Seite 491-503 (DE-627)188950273 (DE-600)1287489-9 (DE-576)049958909 0929-6212 nnns volume:103 year:2018 number:1 day:08 month:02 pages:491-503 https://doi.org/10.1007/s11277-018-5456-4 lizenzpflichtig Volltext GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-MKW GBV_ILN_70 AR 103 2018 1 08 02 491-503 |
allfields_unstemmed |
10.1007/s11277-018-5456-4 doi (DE-627)OLC2053822627 (DE-He213)s11277-018-5456-4-p DE-627 ger DE-627 rakwb eng 620 VZ Han, Hongmu verfasserin (orcid)0000-0002-6909-5242 aut Identify and Inspect Libraries in Android Applications 2018 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier © Springer Science+Business Media, LLC, part of Springer Nature 2018 Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. Android apps Library detection Frequent pattern Abnormal library Malware Li, Ruixuan aut Tang, Junwei aut Enthalten in Wireless personal communications Springer US, 1994 103(2018), 1 vom: 08. Feb., Seite 491-503 (DE-627)188950273 (DE-600)1287489-9 (DE-576)049958909 0929-6212 nnns volume:103 year:2018 number:1 day:08 month:02 pages:491-503 https://doi.org/10.1007/s11277-018-5456-4 lizenzpflichtig Volltext GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-MKW GBV_ILN_70 AR 103 2018 1 08 02 491-503 |
allfieldsGer |
10.1007/s11277-018-5456-4 doi (DE-627)OLC2053822627 (DE-He213)s11277-018-5456-4-p DE-627 ger DE-627 rakwb eng 620 VZ Han, Hongmu verfasserin (orcid)0000-0002-6909-5242 aut Identify and Inspect Libraries in Android Applications 2018 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier © Springer Science+Business Media, LLC, part of Springer Nature 2018 Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. Android apps Library detection Frequent pattern Abnormal library Malware Li, Ruixuan aut Tang, Junwei aut Enthalten in Wireless personal communications Springer US, 1994 103(2018), 1 vom: 08. Feb., Seite 491-503 (DE-627)188950273 (DE-600)1287489-9 (DE-576)049958909 0929-6212 nnns volume:103 year:2018 number:1 day:08 month:02 pages:491-503 https://doi.org/10.1007/s11277-018-5456-4 lizenzpflichtig Volltext GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-MKW GBV_ILN_70 AR 103 2018 1 08 02 491-503 |
allfieldsSound |
10.1007/s11277-018-5456-4 doi (DE-627)OLC2053822627 (DE-He213)s11277-018-5456-4-p DE-627 ger DE-627 rakwb eng 620 VZ Han, Hongmu verfasserin (orcid)0000-0002-6909-5242 aut Identify and Inspect Libraries in Android Applications 2018 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier © Springer Science+Business Media, LLC, part of Springer Nature 2018 Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. Android apps Library detection Frequent pattern Abnormal library Malware Li, Ruixuan aut Tang, Junwei aut Enthalten in Wireless personal communications Springer US, 1994 103(2018), 1 vom: 08. Feb., Seite 491-503 (DE-627)188950273 (DE-600)1287489-9 (DE-576)049958909 0929-6212 nnns volume:103 year:2018 number:1 day:08 month:02 pages:491-503 https://doi.org/10.1007/s11277-018-5456-4 lizenzpflichtig Volltext GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-MKW GBV_ILN_70 AR 103 2018 1 08 02 491-503 |
language |
English |
source |
Enthalten in Wireless personal communications 103(2018), 1 vom: 08. Feb., Seite 491-503 volume:103 year:2018 number:1 day:08 month:02 pages:491-503 |
sourceStr |
Enthalten in Wireless personal communications 103(2018), 1 vom: 08. Feb., Seite 491-503 volume:103 year:2018 number:1 day:08 month:02 pages:491-503 |
format_phy_str_mv |
Article |
institution |
findex.gbv.de |
topic_facet |
Android apps Library detection Frequent pattern Abnormal library Malware |
dewey-raw |
620 |
isfreeaccess_bool |
false |
container_title |
Wireless personal communications |
authorswithroles_txt_mv |
Han, Hongmu @@aut@@ Li, Ruixuan @@aut@@ Tang, Junwei @@aut@@ |
publishDateDaySort_date |
2018-02-08T00:00:00Z |
hierarchy_top_id |
188950273 |
dewey-sort |
3620 |
id |
OLC2053822627 |
language_de |
englisch |
fullrecord |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a22002652 4500</leader><controlfield tag="001">OLC2053822627</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20230504080130.0</controlfield><controlfield tag="007">tu</controlfield><controlfield tag="008">200819s2018 xx ||||| 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1007/s11277-018-5456-4</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)OLC2053822627</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-He213)s11277-018-5456-4-p</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2="4"><subfield code="a">620</subfield><subfield code="q">VZ</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Han, Hongmu</subfield><subfield code="e">verfasserin</subfield><subfield code="0">(orcid)0000-0002-6909-5242</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Identify and Inspect Libraries in Android Applications</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2018</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">ohne Hilfsmittel zu benutzen</subfield><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Band</subfield><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">© Springer Science+Business Media, LLC, part of Springer Nature 2018</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Android apps</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Library detection</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Frequent pattern</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Abnormal library</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Li, Ruixuan</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Tang, Junwei</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">Enthalten in</subfield><subfield code="t">Wireless personal communications</subfield><subfield code="d">Springer US, 1994</subfield><subfield code="g">103(2018), 1 vom: 08. Feb., Seite 491-503</subfield><subfield code="w">(DE-627)188950273</subfield><subfield code="w">(DE-600)1287489-9</subfield><subfield code="w">(DE-576)049958909</subfield><subfield code="x">0929-6212</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:103</subfield><subfield code="g">year:2018</subfield><subfield code="g">number:1</subfield><subfield code="g">day:08</subfield><subfield code="g">month:02</subfield><subfield code="g">pages:491-503</subfield></datafield><datafield tag="856" ind1="4" ind2="1"><subfield code="u">https://doi.org/10.1007/s11277-018-5456-4</subfield><subfield code="z">lizenzpflichtig</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_OLC</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SSG-OLC-MKW</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">103</subfield><subfield code="j">2018</subfield><subfield code="e">1</subfield><subfield code="b">08</subfield><subfield code="c">02</subfield><subfield code="h">491-503</subfield></datafield></record></collection>
|
author |
Han, Hongmu |
spellingShingle |
Han, Hongmu ddc 620 misc Android apps misc Library detection misc Frequent pattern misc Abnormal library misc Malware Identify and Inspect Libraries in Android Applications |
authorStr |
Han, Hongmu |
ppnlink_with_tag_str_mv |
@@773@@(DE-627)188950273 |
format |
Article |
dewey-ones |
620 - Engineering & allied operations |
delete_txt_mv |
keep |
author_role |
aut aut aut |
collection |
OLC |
remote_str |
false |
illustrated |
Not Illustrated |
issn |
0929-6212 |
topic_title |
620 VZ Identify and Inspect Libraries in Android Applications Android apps Library detection Frequent pattern Abnormal library Malware |
topic |
ddc 620 misc Android apps misc Library detection misc Frequent pattern misc Abnormal library misc Malware |
topic_unstemmed |
ddc 620 misc Android apps misc Library detection misc Frequent pattern misc Abnormal library misc Malware |
topic_browse |
ddc 620 misc Android apps misc Library detection misc Frequent pattern misc Abnormal library misc Malware |
format_facet |
Aufsätze Gedruckte Aufsätze |
format_main_str_mv |
Text Zeitschrift/Artikel |
carriertype_str_mv |
nc |
hierarchy_parent_title |
Wireless personal communications |
hierarchy_parent_id |
188950273 |
dewey-tens |
620 - Engineering |
hierarchy_top_title |
Wireless personal communications |
isfreeaccess_txt |
false |
familylinks_str_mv |
(DE-627)188950273 (DE-600)1287489-9 (DE-576)049958909 |
title |
Identify and Inspect Libraries in Android Applications |
ctrlnum |
(DE-627)OLC2053822627 (DE-He213)s11277-018-5456-4-p |
title_full |
Identify and Inspect Libraries in Android Applications |
author_sort |
Han, Hongmu |
journal |
Wireless personal communications |
journalStr |
Wireless personal communications |
lang_code |
eng |
isOA_bool |
false |
dewey-hundreds |
600 - Technology |
recordtype |
marc |
publishDateSort |
2018 |
contenttype_str_mv |
txt |
container_start_page |
491 |
author_browse |
Han, Hongmu Li, Ruixuan Tang, Junwei |
container_volume |
103 |
class |
620 VZ |
format_se |
Aufsätze |
author-letter |
Han, Hongmu |
doi_str_mv |
10.1007/s11277-018-5456-4 |
normlink |
(ORCID)0000-0002-6909-5242 |
normlink_prefix_str_mv |
(orcid)0000-0002-6909-5242 |
dewey-full |
620 |
title_sort |
identify and inspect libraries in android applications |
title_auth |
Identify and Inspect Libraries in Android Applications |
abstract |
Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. © Springer Science+Business Media, LLC, part of Springer Nature 2018 |
abstractGer |
Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. © Springer Science+Business Media, LLC, part of Springer Nature 2018 |
abstract_unstemmed |
Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection. © Springer Science+Business Media, LLC, part of Springer Nature 2018 |
collection_details |
GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-MKW GBV_ILN_70 |
container_issue |
1 |
title_short |
Identify and Inspect Libraries in Android Applications |
url |
https://doi.org/10.1007/s11277-018-5456-4 |
remote_bool |
false |
author2 |
Li, Ruixuan Tang, Junwei |
author2Str |
Li, Ruixuan Tang, Junwei |
ppnlink |
188950273 |
mediatype_str_mv |
n |
isOA_txt |
false |
hochschulschrift_bool |
false |
doi_str |
10.1007/s11277-018-5456-4 |
up_date |
2024-07-03T20:47:06.578Z |
_version_ |
1803592271479701504 |
fullrecord_marcxml |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a22002652 4500</leader><controlfield tag="001">OLC2053822627</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20230504080130.0</controlfield><controlfield tag="007">tu</controlfield><controlfield tag="008">200819s2018 xx ||||| 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1007/s11277-018-5456-4</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)OLC2053822627</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-He213)s11277-018-5456-4-p</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2="4"><subfield code="a">620</subfield><subfield code="q">VZ</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Han, Hongmu</subfield><subfield code="e">verfasserin</subfield><subfield code="0">(orcid)0000-0002-6909-5242</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Identify and Inspect Libraries in Android Applications</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2018</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">ohne Hilfsmittel zu benutzen</subfield><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Band</subfield><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">© Springer Science+Business Media, LLC, part of Springer Nature 2018</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Abstract Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Android apps</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Library detection</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Frequent pattern</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Abnormal library</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Malware</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Li, Ruixuan</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Tang, Junwei</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">Enthalten in</subfield><subfield code="t">Wireless personal communications</subfield><subfield code="d">Springer US, 1994</subfield><subfield code="g">103(2018), 1 vom: 08. Feb., Seite 491-503</subfield><subfield code="w">(DE-627)188950273</subfield><subfield code="w">(DE-600)1287489-9</subfield><subfield code="w">(DE-576)049958909</subfield><subfield code="x">0929-6212</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:103</subfield><subfield code="g">year:2018</subfield><subfield code="g">number:1</subfield><subfield code="g">day:08</subfield><subfield code="g">month:02</subfield><subfield code="g">pages:491-503</subfield></datafield><datafield tag="856" ind1="4" ind2="1"><subfield code="u">https://doi.org/10.1007/s11277-018-5456-4</subfield><subfield code="z">lizenzpflichtig</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_OLC</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SSG-OLC-MKW</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">103</subfield><subfield code="j">2018</subfield><subfield code="e">1</subfield><subfield code="b">08</subfield><subfield code="c">02</subfield><subfield code="h">491-503</subfield></datafield></record></collection>
|
score |
7.3985043 |