
A Static Android Application Obfuscation Detection Method

Obfuscation detection is an important aid to Android similarity detection, malware detection and third-party library detection. For software security practitioners, automatic obfuscation detection before reverse analysis helps reverse engineers work more efficiently. This paper investigates and implements a new method to identify whether an Android application is obfuscated and, if so, which obfuscation tool was used. The method relies only on the Dalvik bytecode in the Android application. The identification problem is recast as a machine learning classification task based on a model of bytecode attributes (such as strings of different categories), and the classification model infers precise information about the source of the obfuscation from relatively simple code features. Experiments are carried out on the constructed obfuscated application dataset, and the results show that the method achieves an F1 score of 0.94 and can accurately classify APKs obfuscated with ProGuard, Allatori and DashO.

Keywords: obfuscation detection; Android application; malicious software; static analysis; machine learning

Ma Teng (马腾), Xu Jian (徐建)

School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094

2024

Computer & Digital Engineering (计算机与数字工程)
No. 709 Research Institute of China Shipbuilding Industry Corporation

CSTPCD
Impact factor: 0.355
ISSN: 1672-9722
Year, volume (issue): 2024.52(12)