Obfuscation-Resilient Code Recognition in Android Apps

Johannes Feichtner; Christof Rabensteiner

doi:10.1145/3339252.3339260

Obfuscation-Resilient Code Recognition in Android Apps

Johannes Feichtner, Christof Rabensteiner

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements.

We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.

Originalsprache	englisch
Titel	14th International Conference on Availability, Reliability and Security (ARES 2019)
Erscheinungsort	New York
Herausgeber (Verlag)	Association of Computing Machinery
Seitenumfang	10
ISBN (Print)	978-1-4503-7164-3/19/08
DOIs	https://doi.org/10.1145/3339252.3339260
Publikationsstatus	Veröffentlicht - 2019
Veranstaltung	14th International Conference on Availability, Reliability and Security: ARES 2019 - University of Kent, Canterbury, Großbritannien / Vereinigtes Königreich Dauer: 26 Aug. 2019 → 29 Aug. 2019 https://www.ares-conference.eu/

Konferenz

Konferenz	14th International Conference on Availability, Reliability and Security
Kurztitel	ARES 2019
Land/Gebiet	Großbritannien / Vereinigtes Königreich
Ort	Canterbury
Zeitraum	26/08/19 → 29/08/19
Internetadresse	https://www.ares-conference.eu/

Zugriff auf Dokument

10.1145/3339252.3339260

mainEndgültige, publizierte Fassung, 823 KB

A-SIT - Zentrum für sichere Informationstechnologie Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Projekt: Arbeitsgebiet

Dieses zitieren

Feichtner, J & Rabensteiner, C 2019, Obfuscation-Resilient Code Recognition in Android Apps. in 14th International Conference on Availability, Reliability and Security (ARES 2019). Association of Computing Machinery, New York, 14th International Conference on Availability, Reliability and Security, Canterbury, Großbritannien / Vereinigtes Königreich, 26/08/19. https://doi.org/10.1145/3339252.3339260

@inproceedings{59b71c16ae464a39a7e4507a51a67875,

title = "Obfuscation-Resilient Code Recognition in Android Apps",

abstract = "Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements.We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.",

keywords = "Android, Abstract Syntax Tree, Fingerprinting, Library Detection, Code Similarity, Code Recognition, Obfuscation",

author = "Johannes Feichtner and Christof Rabensteiner",

year = "2019",

doi = "10.1145/3339252.3339260",

language = "English",

isbn = "978-1-4503-7164-3/19/08",

booktitle = "14th International Conference on Availability, Reliability and Security (ARES 2019)",

publisher = "Association of Computing Machinery",

address = "United States",

note = "14th International Conference on Availability, Reliability and Security : ARES 2019, ARES 2019 ; Conference date: 26-08-2019 Through 29-08-2019",

url = "https://www.ares-conference.eu/",

}

TY - GEN

T1 - Obfuscation-Resilient Code Recognition in Android Apps

AU - Feichtner, Johannes

AU - Rabensteiner, Christof

PY - 2019

Y1 - 2019

N2 - Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements.We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.

AB - Many Android developers take advantage of third-party libraries and code snippets from public sources to add functionality to apps. Besides making development more productive, external code can also be harmful, introduce vulnerabilities, or raise critical privacy issues that threaten the security of sensitive user data and amplify an app's attack surface. Reliably recognizing such code fragments in Android applications is challenging due to the widespread use of obfuscation techniques and a variety of ways, how developers can express semantically similar program statements.We propose a code recognition technique that is resilient against common code transformations and that excels in identifying code fragments and libraries in Android applications. Our method relies on obfuscation-resilient features from the Abstract Syntax Tree of methods and uses them in combination with invariant attributes from method signatures to derive well-characterizing fingerprints. To identify similar code, we elaborate an effective scoring metric that reliably compares fingerprints at method, class, and package level. We investigate how well our solution tackles obfuscated, shrunken, and optimized code by applying our technique to real-world applications. We thoroughly evaluate our solution and demonstrate its practical ability to fingerprint and recognize code with high precision and recall.

KW - Android

KW - Abstract Syntax Tree

KW - Fingerprinting

KW - Library Detection

KW - Code Similarity

KW - Code Recognition

KW - Obfuscation

U2 - 10.1145/3339252.3339260

DO - 10.1145/3339252.3339260

M3 - Conference paper

SN - 978-1-4503-7164-3/19/08

BT - 14th International Conference on Availability, Reliability and Security (ARES 2019)

PB - Association of Computing Machinery

CY - New York

T2 - 14th International Conference on Availability, Reliability and Security

Y2 - 26 August 2019 through 29 August 2019

ER -

Obfuscation-Resilient Code Recognition in Android Apps

Abstract

Konferenz

Zugriff auf Dokument

Fingerprint

Projekte

A-SIT - Zentrum für sichere Informationstechnologie Austria

Dieses zitieren