Securing Android applications via edge assistant third-party library detection
Third-party library (TPL) detection in Android has been a hot topic to security researchers for a long time. A precise yet scalable detection of TPLs in applications can greatly facilitate other security activities such as TPL integrity checking, malware detection, and privacy leakage detection. Sin...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/150736 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-150736 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1507362021-06-08T04:25:43Z Securing Android applications via edge assistant third-party library detection Tang, Zhushou Xue, Minhui Meng, Guozhu Ying, Chengguo Liu, Yugeng He, Jianan Zhu, Haojin Liu, Yang School of Computer Science and Engineering Engineering::Computer science and engineering Third-party Library Detection Edge Computing Third-party library (TPL) detection in Android has been a hot topic to security researchers for a long time. A precise yet scalable detection of TPLs in applications can greatly facilitate other security activities such as TPL integrity checking, malware detection, and privacy leakage detection. Since TPLs of specific versions may exhibit their own security issues, the identification of TPL as well as its concrete version, can help assess the security of Android APPs. However in reality, existing approaches of TPL detection suffer from low efficiency for their detection algorithm to impracticable and low accuracy due to insufficient analysis data, inappropriate features, or the disturbance from code obfuscation, shrinkage, and optimization. In this paper, we present an automated approach, named PanGuard, to detect TPLs from an enormous number of Android APPs. We propose a novel combination of features including both structural and content information for packages in APPs to characterize TPLs. In order to address the difficulties caused by code obfuscation, shrinkage, and optimization, we identify the invariants that are unchanged during mutation, separate TPLs from the primary code in APPs, and use these invariants to determine the contained TPLs as well as their versions. The extensive experiments show that PanGuard achieves a high accuracy and scalability simultaneously in TPL detection. In order to accommodate to optimized TPL detection, which has not been mentioned by previous work, we adopt set analysis, which speed up the detection as a side effect. PanGuard is implemented and applied on an industrial edge computing platform, and powers the identification of TPL. Beside fast detection algorithm, the edge computing deployment architecture make the detection scalable to real-time detection on a large volume of emerging APPs. Based on the detection results from millions of Android APPs, we successfully identify over 800 TPLs with 12 versions on average. By investigating the differences amongst these versions, we identify over 10 security issues in TPLs, and shed light on the significance of TPL detection with the caused harmful impacts on the Android ecosystem. 2021-06-08T04:25:42Z 2021-06-08T04:25:42Z 2019 Journal Article Tang, Z., Xue, M., Meng, G., Ying, C., Liu, Y., He, J., Zhu, H. & Liu, Y. (2019). Securing Android applications via edge assistant third-party library detection. Computers & Security, 80, 257-272. https://dx.doi.org/10.1016/j.cose.2018.07.024 0167-4048 0000-0001-6388-2571 0000-0001-5079-4556 https://hdl.handle.net/10356/150736 10.1016/j.cose.2018.07.024 2-s2.0-85055197338 80 257 272 en Computers & Security © 2018 Elsevier Ltd. All rights reserved. |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering Third-party Library Detection Edge Computing |
| spellingShingle |
Engineering::Computer science and engineering Third-party Library Detection Edge Computing Tang, Zhushou Xue, Minhui Meng, Guozhu Ying, Chengguo Liu, Yugeng He, Jianan Zhu, Haojin Liu, Yang Securing Android applications via edge assistant third-party library detection |
| description |
Third-party library (TPL) detection in Android has been a hot topic to security researchers for a long time. A precise yet scalable detection of TPLs in applications can greatly facilitate other security activities such as TPL integrity checking, malware detection, and privacy leakage detection. Since TPLs of specific versions may exhibit their own security issues, the identification of TPL as well as its concrete version, can help assess the security of Android APPs. However in reality, existing approaches of TPL detection suffer from low efficiency for their detection algorithm to impracticable and low accuracy due to insufficient analysis data, inappropriate features, or the disturbance from code obfuscation, shrinkage, and optimization. In this paper, we present an automated approach, named PanGuard, to detect TPLs from an enormous number of Android APPs. We propose a novel combination of features including both structural and content information for packages in APPs to characterize TPLs. In order to address the difficulties caused by code obfuscation, shrinkage, and optimization, we identify the invariants that are unchanged during mutation, separate TPLs from the primary code in APPs, and use these invariants to determine the contained TPLs as well as their versions. The extensive experiments show that PanGuard achieves a high accuracy and scalability simultaneously in TPL detection. In order to accommodate to optimized TPL detection, which has not been mentioned by previous work, we adopt set analysis, which speed up the detection as a side effect. PanGuard is implemented and applied on an industrial edge computing platform, and powers the identification of TPL. Beside fast detection algorithm, the edge computing deployment architecture make the detection scalable to real-time detection on a large volume of emerging APPs. Based on the detection results from millions of Android APPs, we successfully identify over 800 TPLs with 12 versions on average. By investigating the differences amongst these versions, we identify over 10 security issues in TPLs, and shed light on the significance of TPL detection with the caused harmful impacts on the Android ecosystem. |
| author2 |
School of Computer Science and Engineering |
| author_facet |
School of Computer Science and Engineering Tang, Zhushou Xue, Minhui Meng, Guozhu Ying, Chengguo Liu, Yugeng He, Jianan Zhu, Haojin Liu, Yang |
| format |
Article |
| author |
Tang, Zhushou Xue, Minhui Meng, Guozhu Ying, Chengguo Liu, Yugeng He, Jianan Zhu, Haojin Liu, Yang |
| author_sort |
Tang, Zhushou |
| title |
Securing Android applications via edge assistant third-party library detection |
| title_short |
Securing Android applications via edge assistant third-party library detection |
| title_full |
Securing Android applications via edge assistant third-party library detection |
| title_fullStr |
Securing Android applications via edge assistant third-party library detection |
| title_full_unstemmed |
Securing Android applications via edge assistant third-party library detection |
| title_sort |
securing android applications via edge assistant third-party library detection |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/150736 |
| _version_ |
1702431214093205504 |