Open-Source Android App Detection considering the Effects of Code Obfuscation
Minkyu Park3, and Sangchul Han3
1Dankook University, Yongin, Republic of Korea {limkh120, gurukbc, sjcho}@dankook.ac.kr
2NAVER Corp., Seongnam, Republic of Korea jungkyu.han@navercorp.com
3Konkuk University, Chungju, Republic of Korea {minkyup, schan}@kku.ac.kr
Abstract

As open source software (OSS) becomes more and more popular, the risk of open-source license violation also increases. According to the 2018 open source security and risk analysis report of Synopsys, 96% of applications (apps) include open source software and 74% of them have licensing issues. To address this problem, many researchers have studied open-source licensing and OSS detection. However, most of these studies have been conducted at the source code level and have not considered the effects of code obfuscation. In this paper, we propose an effective technique to extract software birthmarks (i.e., features) from the executable code of Android apps and to find out whether the executable code is created from OSS by comparing the birthmarks of the executable code with those of known open-source apps. The proposed technique uses class hierarchy information (CHI) and control flow graphs (CFGs) as software birthmarks at the Java bytecode level. The CFG birthmark is robust against code obfuscation attacks and is thus effective in detecting open-source apps even when their code is obfuscated. We validate the proposed OSS detection technique through experiments on obfuscated apps.

Keywords: Open Source Software, similarity, control flow graph, class hierarchy information.

+: Corresponding author: Seong-je Cho

Vol. 9, No. 3, pp. 50-61, September 2018
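The abstract's claim that a CFG birthmark survives obfuscation can be seen in a small added example, which is not code from the paper: method CFGs are reduced to a name-free shape and compared as multisets. The degree-sequence signature, the multiset Jaccard score, the name-based baseline (not the paper's CHI) and all sample apps are assumptions made for illustration.

```python
from collections import Counter

def cfg_signature(cfg):
    """Name-free shape of one method CFG: (blocks, edges, sorted (in, out) degrees)."""
    indeg = Counter(dst for succs in cfg.values() for dst in succs)
    degrees = tuple(sorted((indeg[blk], len(succs)) for blk, succs in cfg.items()))
    return (len(cfg), sum(indeg.values()), degrees)

def cfg_birthmark(app):
    """Multiset of method CFG signatures; class and method names are ignored."""
    return Counter(cfg_signature(cfg) for cfg in app.values())

def name_birthmark(app):
    """Naive baseline for contrast (not the paper's CHI): the method names."""
    return Counter(app.keys())

def similarity(a, b):
    """Multiset Jaccard score in [0, 1] (an assumed measure, not the paper's)."""
    union = sum((a | b).values())
    return sum((a & b).values()) / union if union else 0.0

# Constructed sample data: method name -> {basic block: [successor blocks]}.
OSS_APP = {
    "com.example.oss.Parser.parse": {"entry": ["loop"], "loop": ["body", "exit"],
                                     "body": ["loop"], "exit": []},
    "com.example.oss.Parser.check": {"entry": ["then", "else"], "then": ["join"],
                                     "else": ["join"], "join": []},
    "com.example.oss.Util.id": {"entry": []},
}
# The same code after identifier renaming: every name and block label differs.
OBFUSCATED_APP = {
    "a.a.a": {0: [1], 1: [2, 3], 2: [1], 3: []},
    "a.a.b": {0: [1, 2], 1: [3], 2: [3], 3: []},
    "a.b.a": {0: []},
}
UNRELATED_APP = {
    "org.other.Main.run": {0: [1], 1: [2], 2: []},
    "org.other.Main.noop": {0: []},
}

def compare(candidate):
    """Return (CFG-based score, name-based score) against the known OSS app."""
    return (similarity(cfg_birthmark(OSS_APP), cfg_birthmark(candidate)),
            similarity(name_birthmark(OSS_APP), name_birthmark(candidate)))

if __name__ == "__main__":
    print("obfuscated:", compare(OBFUSCATED_APP))
    print("unrelated: ", compare(UNRELATED_APP))
```

The unrelated app still scores above zero on the CFG birthmark because trivial one-block methods share a shape, which is why a real detector would weight or filter small CFGs.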