面向Android支付破解应用的检测方法

doi:10.13190/j.jbupt.2020-259

北京邮电大学学报 ›› 2021, Vol. 44 ›› Issue (4): 95-101.doi: 10.13190/j.jbupt.2020-259

面向Android支付破解应用的检测方法

汤永利, 李星宇, 赵宗渠, 李运峰

河南理工大学计算机科学与技术学院, 焦作 454003

收稿日期:2020-12-01 发布日期:2021-07-13
通讯作者: 赵宗渠(1974-),男,讲师,硕士生导师,E-mail:zhaozong_qu@hpu.edu.cn. E-mail:zhaozong_qu@hpu.edu.cn
作者简介:汤永利(1972-),男,教授,硕士生导师.
基金资助:
国家自然科学基金项目（61802117）；河南省高校科技创新团队项目（20IRTSTHN013）；河南理工大学创新型科研团队项目（T2018-1）

Detection Method for Android Payment Cracked Application

TANG Yong-li, LI Xing-yu, ZHAO Zong-qu, LI Yun-feng

School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo 454003, China

Received:2020-12-01 Published:2021-07-13

摘要/Abstract

摘要： Android破解应用存在侵犯合法软件权益和传播恶意代码的风险.为有效检测Android平台上的支付破解应用，提出一种基于机器学习的检测方法.针对反汇编的字节码文件构建了支付语义信息调用控制流和支付数据库操作函数集，通过n-gram和重复代码子块长度统计方法构造相应特征集，最后构建带决策机制的多分类器检测模型以识别Android应用中不同的支付破解行为.实验结果表明，所提检测方法的模型检测精确率为85.24%，AUC值为0.87，与同类方法相比，对支付破解类应用的检测率有显著提高，有效解决了支付破解应用的检测问题.

关键词: Android, 支付破解, 软件安全, 特征提取, 机器学习

Abstract: Android cracked applications have the risks of infringing on legitimate software rights and spreading malicious code. To detect the payment cracked applications on Android platform, we propose a detection method based on machine learning. Based on the disassembled bytecode file, the call control flow of payment semantic information and the payment database operation function set are constructed. We use a n-gram statistical method and a repeated code sub-block length statistical method to construct the corresponding feature set, and build a multi-classifier detection model with a decision-making mechanism to identify different payment cracked behaviors in Android applications. The experimental results show that the detection accuracy rate of this model is 85.24%, and the area under curve (AUC) value is 0.87. Compared with the baseline methods, the detection rate of payment cracked applications is significantly improved, which effectively solves the detection problem of payment cracked applications.

Key words: Android, payment cracked, software security, feature extraction, machine learning

中图分类号:

TP309

汤永利, 李星宇, 赵宗渠, 李运峰. 面向Android支付破解应用的检测方法[J]. 北京邮电大学学报, 2021, 44(4): 95-101.

TANG Yong-li, LI Xing-yu, ZHAO Zong-qu, LI Yun-feng. Detection Method for Android Payment Cracked Application[J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(4): 95-101.

参考文献

[1] Peiravian N, Zhu Xingquan. Machine learning for Android malware detection using permission and API calls[C]//2013 IEEE 25th International Conference on Tools with Artificial Intelligence. Herndon:IEEE Press, 2013:300-305.
[2] Chan P P K, Song Wenkai. Static detection of Android malware by using permissions and API calls[C]//2014 International Conference on Machine Learning and Cybernetics. Lanzhou:IEEE Press, 2014:82-87.
[3] Aafer Y, Du W, Yin H. DroidAPIMiner:mining API-level features for robust malware detection in Android[C]//International Conference on Security and Privacy in Communication System. Cham:Springer, 2013:86-103.
[4] 许艳萍, 伍淳华, 侯美佳, 等. 基于改进朴素贝叶斯的Android恶意应用检测技术[J]. 北京邮电大学学报, 2016, 39(2):43-47. Xu Yanping, Wu Chunhua, Hou Meijia, et al. Android malware detection technology based on improved naive Bayesian[J]. Journal of Beijing University of Posts and Telecommunications, 2016, 39(2):43-47.
[5] Fan Ming, Liu Jun, Wang Wei, et al. DAPASA:detecting Android piggybacked apps through sensitive subgraph analysis[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(8):1772-1785.
[6] Gascon H, Yamaguchi F, Arp D, et al. Structural detection of Android malware using embedded call graphs[C]//Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security. Berlin:ACM, 2013:45-54.
[7] Zhou Wu, Zhou Yajin, Grace M, et al. Fast, scalable detection of "Piggybacked" mobile applications[C]//Proceedings of the Third ACM Conference on Data and Application Security and Privacy-CODASPY'13. San Antonio:ACM Press, 2013:185-196.
[8] Zhang Bin, Xiao Wentao, Xiao Xi, et al. Ransomware classification using patch-based CNN and self-attention network on embedded N-grams of opcodes[J]. Future Generation Computer Systems, 2020, 110:708-720.
[9] Li Dan, Zhao Lichao, Cheng Qingfeng, et al. Opcode sequence analysis of Android malware by a convolutional neural network[J]. Concurrency and Computation:Practice and Experience, 2020, 32(18):e5308.

[1]	常霄, 黄智濒, 禹旻, 杨武兵. 一种适用于航天大数据的深度决策树算法[J]. 北京邮电大学学报, 2023, 46(3): 1-6.
[2]	宋宇博高嘉振. 改进YOLOv3算法的交通多目标检测方法[J]. 北京邮电大学学报, 2022, 45(5): 103-108.
[3]	张小乾谈振王潇梁芹万黎明. 基于正交投影学习的图像特征提取算法[J]. 北京邮电大学学报, 2022, 45(5): 85-90,128.
[4]	欧阳莫微, 康桂霞, 王开亮, 王亚明. 一种放射组学分析的海马硬化自动诊断方法[J]. 北京邮电大学学报, 2022, 45(4): 51-57.
[5]	赵海英, 朱会, 侯小刚. 基于改进EMA单元的传统服饰图像语义分割[J]. 北京邮电大学学报, 2022, 45(1): 69-74.
[6]	牟晓惠, 李丽香. Dropout回声状态网络的网络流量预测[J]. 北京邮电大学学报, 2021, 44(5): 10-13,20.
[7]	彭雨荷, 陈翔, 陈双武, 杨坚. 基于迁移学习的跨域异常流量检测[J]. 北京邮电大学学报, 2021, 44(2): 33-39.
[8]	吕兴凤, 李金宝. 一种利用随机森林方法检测睡眠呼吸暂停的研究[J]. 北京邮电大学学报, 2020, 43(5): 64-70.
[9]	张德干, 陈露, 陈晨, 张婷, 崔玉亚. 一种面向边缘计算节点能量优化的QoS约束路由算法[J]. 北京邮电大学学报, 2020, 43(4): 101-105.
[10]	周怡琳, 杨璐, 鲁文睿. 尘土颗粒影响下电路板电化学迁移失效寿命建模探索[J]. 北京邮电大学学报, 2020, 43(3): 11-18,31.
[11]	仇景明, 曲桦, 赵季红. 一种鲁棒网络流量分类及新类型发现算法[J]. 北京邮电大学学报, 2020, 43(2): 40-45.
[12]	张国栋, 应欢, 杨寿国, 石志强, 李霁远. 嵌入式固件脆弱哈希函数自动识别与破解方法[J]. 北京邮电大学学报, 2020, 43(1): 46-53.
[13]	余凯祥, 陈振豪, 张四海. 一种多变量制造过程中的关键变量检测算法[J]. 北京邮电大学学报, 2019, 42(6): 98-104.
[14]	刘派, 孙岩, 任玮. 一种基于ANTLR的面向Scratch3.0的特征提取和检测系统[J]. 北京邮电大学学报, 2019, 42(6): 70-75.
[15]	孟浩, 霍如, 郭倩影, 黄韬, 刘韵洁. 基于机器学习的MEC随机任务迁移算法[J]. 北京邮电大学学报, 2019, 42(2): 25-30.

面向Android支付破解应用的检测方法

Detection Method for Android Payment Cracked Application

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价