Mobile Application SDK Version Detection and Security Alert Based on Multi-partition LSH
Authors: Siyu Gao, Yu Xiao, Ye He, Jianfeng Wen
Published in: 2022 3rd Asia Conference on Computers and Communications (ACCC), 2022-12-01
DOI: 10.1109/ACCC58361.2022.00008 (https://doi.org/10.1109/ACCC58361.2022.00008)
Android mobile applications integrate a large number of third-party libraries (SDKs) to improve development efficiency and enhance functionality. Some SDKs have security vulnerabilities and misuse access rights, which can cause security and privacy hazards for the mobile applications that embed them. SDK version detection and vulnerability detection are the basis of mobile application security analysis, and this paper proposes an LSH-based SDK version identification method. The method performs SDK detection based on class hierarchy, extracts fine-grained features of the SDK source code using multi-partition box LSH, and achieves SDK version detection by multi-feature fusion. On the basis of version identification, it issues vulnerability warnings and recommendations for insecure SDK versions. More than 70 types and 1100 different versions of popular SDKs were collected to build an SDK information database, a vulnerability database and a scoring database. The method was verified and analyzed on 453 apps, and the detection tool is better than other tools in the same category.