Obfuscation-Resilient Code Recognition in Android Apps

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements.

We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.
Originalspracheenglisch
Titel14th International Conference on Availability, Reliability and Security (ARES 2019)
ErscheinungsortNew York
Herausgeber (Verlag)Association of Computing Machinery
Seitenumfang10
ISBN (Print)978-1-4503-7164-3/19/08
DOIs
PublikationsstatusVeröffentlicht - 2019
VeranstaltungInternational Conference on Availability, Reliability and Security - University of Kent, Canterbury, Großbritannien / Vereinigtes Königreich
Dauer: 26 Aug 201929 Aug 2019
https://www.ares-conference.eu/

Konferenz

KonferenzInternational Conference on Availability, Reliability and Security
KurztitelARES 2019
LandGroßbritannien / Vereinigtes Königreich
OrtCanterbury
Zeitraum26/08/1929/08/19
Internetadresse

Fingerprint

Application programs
Android (operating system)

Schlagwörter

    Dies zitieren

    Feichtner, J., & Rabensteiner, C. (2019). Obfuscation-Resilient Code Recognition in Android Apps. in 14th International Conference on Availability, Reliability and Security (ARES 2019) New York: Association of Computing Machinery. https://doi.org/10.1145/3339252.3339260

    Obfuscation-Resilient Code Recognition in Android Apps. / Feichtner, Johannes; Rabensteiner, Christof.

    14th International Conference on Availability, Reliability and Security (ARES 2019). New York : Association of Computing Machinery, 2019.

    Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

    Feichtner, J & Rabensteiner, C 2019, Obfuscation-Resilient Code Recognition in Android Apps. in 14th International Conference on Availability, Reliability and Security (ARES 2019). Association of Computing Machinery, New York, Canterbury, Großbritannien / Vereinigtes Königreich, 26/08/19. https://doi.org/10.1145/3339252.3339260
    Feichtner J, Rabensteiner C. Obfuscation-Resilient Code Recognition in Android Apps. in 14th International Conference on Availability, Reliability and Security (ARES 2019). New York: Association of Computing Machinery. 2019 https://doi.org/10.1145/3339252.3339260
    Feichtner, Johannes ; Rabensteiner, Christof. / Obfuscation-Resilient Code Recognition in Android Apps. 14th International Conference on Availability, Reliability and Security (ARES 2019). New York : Association of Computing Machinery, 2019.
    @inproceedings{59b71c16ae464a39a7e4507a51a67875,
    title = "Obfuscation-Resilient Code Recognition in Android Apps",
    abstract = "Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements.We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.",
    keywords = "Android, Abstract Syntax Tree, Fingerprinting, Library Detection, Code Similarity, Code Recognition, Obfuscation",
    author = "Johannes Feichtner and Christof Rabensteiner",
    year = "2019",
    doi = "10.1145/3339252.3339260",
    language = "English",
    isbn = "978-1-4503-7164-3/19/08",
    booktitle = "14th International Conference on Availability, Reliability and Security (ARES 2019)",
    publisher = "Association of Computing Machinery",
    address = "United States",

    }

    TY - GEN

    T1 - Obfuscation-Resilient Code Recognition in Android Apps

    AU - Feichtner, Johannes

    AU - Rabensteiner, Christof

    PY - 2019

    Y1 - 2019

    N2 - Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements.We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.

    AB - Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements.We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.

    KW - Android

    KW - Abstract Syntax Tree

    KW - Fingerprinting

    KW - Library Detection

    KW - Code Similarity

    KW - Code Recognition

    KW - Obfuscation

    U2 - 10.1145/3339252.3339260

    DO - 10.1145/3339252.3339260

    M3 - Conference contribution

    SN - 978-1-4503-7164-3/19/08

    BT - 14th International Conference on Availability, Reliability and Security (ARES 2019)

    PB - Association of Computing Machinery

    CY - New York

    ER -