Open AccessDynamic Loading Vulnerability Detection for Android Applications Through Ensemble Learning
Author(s) -
Yang Tianchang,
Cui Haoliang,
Niu Shaozhang
Publication year - 2017
Publication title -
chinese journal of electronics
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.267
H-Index - 25
eISSN - 2075-5597
pISSN - 1022-4653
DOI - 10.1049/cje.2017.07.001
Subject(s) - computer science , android (operating system) , vulnerability (computing) , ensemble learning , artificial intelligence , computer security , operating system
Valid authentication and security protection measures are not provided for external code and resources executed by dynamic loading technology during the runtime in Android. In this paper, a new method of detecting vulnerabilities related to dynamic loading technology is proposed. Two phases are included in the detection process. Static analysis phase determines the location information of the loading point and extracts the feature vector for each loading procedure. Identification phase classifies the extracted feature vector by means of constructed multilabel classification ensemble learning algorithm. According to the examination result on 4464 Android applications, 37.8% of all applications use the dynamic loading technology, and more than 12% of total test applications are detected with related security deficiencies. Experimental result shows that the detection method can detect vulnerabilities of dynamic loading effectively and is more comprehensive.