Á¤º¸°úÇÐȸ ÄÄÇ»ÆÃÀÇ ½ÇÁ¦ ³í¹®Áö (KIISE Transactions on Computing Practices)
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
³µ¶ÈµÈ ¿ÀǼҽº ¾Èµå·ÎÀÌµå ¾ÛÀ» ŽÁöÇÏ´Â ±â¹ý ±¸Çö |
| ¿µ¹®Á¦¸ñ(English Title) |
Implementing a Technique for Detecting Obfuscated Open-Source Android Apps |
| ÀúÀÚ(Author) |
ÀÓ°æȯ
±èº´Ã¶
Á¶¼ºÁ¦
Kyeonghwan Lim
Byoungchir Kim
Seong-je Cho
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 25 NO. 02 PP. 0106 ~ 0112 (2019. 02) |
Çѱ۳»¿ë
(Korean Abstract) |
ÃÖ±Ù ¿ÀǼҽº ¼ÒÇÁÆ®¿þ¾î(Open-Source Software, OSS)°¡ ³Î¸® »ç¿ëµÊ¿¡ µû¶ó, OSS ¶óÀ̼±½º À§¹Ý »ç·Ê°¡ ¸¹ÀÌ ¹ß»ýÇÏ°í ÀÖ´Ù. ÇÑÆí OpenSSL, WebView µî ´ëÇ¥ÀûÀÎ OSS¿¡¼ º¸¾È Ãë¾àÁ¡ÀÌ ¹ß°ßµÇ°í ÀÖÀ¸¸ç ÀÌ·Î ÀÎÇÑ º¸¾È À§Çùµµ Áõ´ëµÇ°í ÀÖ´Ù. ÀÌ¿¡ OSS¸¦ ŽÁöÇϱâ À§ÇÑ ¿¬±¸°¡ ÁøÇàµÇ°í ÀÖÀ¸³ª, ÄÚµå ³µ¶È(code obfuscation)¸¦ °í·ÁÇÑ ¿¬±¸´Â °ÅÀÇ ¼öÇàµÇÁö ¾Ê¾Ò´Ù. º» ³í¹®¿¡¼´Â ³µ¶ÈµÈ ¾Èµå·ÎÀÌµå ¾ÛÀÌ OSS·ÎºÎÅÍ »ý¼ºµÇ¾ú´ÂÁö¸¦ ½Äº°ÇÏ´Â ±â¹ýÀ» Á¦¾ÈÇÏ°í ½ÇÇèÀ» ÅëÇØ Á¦¾È ±â¹ýÀ» °ËÁõÇÑ´Ù. Á¦¾È ±â¹ýÀº ½ÇÇàÄÚµåÀÇ Å¬·¡½º °èÃþ±¸Á¶ Á¤º¸(Class Hierarchy Information: CHI) ±â¹ÝÀ¸·Î ¿ÀǼҽº ¾ÛÀ» ŽÁöÇÑ´Ù. ¸ÕÀú, ³µ¶ÈµÇÁö ¾ÊÀº ¾Èµå·ÎÀÌµå ¾ÛµéÀ» ´ë»óÀ¸·Î CHI ±â¹Ý Ư¡Á¤º¸µéÀ» DB·Î ±¸ÃàÇÑ ÈÄ, ³µ¶ÈµÈ ¾ÛÀ¸·ÎºÎÅÍ CHI ±â¹Ý Ư¡Á¤º¸¸¦ ÃßÃâÇÏ¿© DBÀÇ Æ¯Â¡Á¤º¸¿Í ºñ±³ÇÏ¿© ÀÏÄ¡Çϸé OSS·Î ŽÁöÇÑ´Ù. µÎ ¹ø° ½ÇÇè¿¡¼´Â, ³µ¶ÈµÈ ¾ÛÀ» ¿ª³µ¶È(de-obfuscation)ÇÏ¿© º¹¿øÇÑ ÈÄ, ¿ª³µ¶ÈµÈ ¾ÛÀ¸·ÎºÎÅÍ CHI ±â¹Ý Ư¡Á¤º¸¸¦ ÃßÃâÇÏ¿© DBÀÇ Æ¯Â¡Á¤º¸¿Í ºñ±³ÇÏ¿© ¿ÀÇ ¼Ò½º ¿©ºÎ¸¦ ŽÁöÇÑ´Ù. ½ÇÇè °á°ú, CHI ±â¹Ý Ư¡Á¤º¸°¡ Á¦¾îÈ帧 ³µ¶È³ª º¯¼ö ¸í ³µ¶È¿¡´Â °ÀÎÇϳª Ŭ·¡½º ¸í ³µ¶È¿¡´Â À¯È¿ÇÏÁö ¾Ê¾Ò´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
With the widespread use of open-source software (OSS) in recent years, the number of violating OSS licenses has been increased. On the other hand, there have been increases in security threats and vulnerabilities found in representative OSS such as OpenSSL and WebView. Therefore, a lot of research has been conducted to detect various OSS modules. However, there has been little research on OSS detection considering the effect of code obfuscation. In this paper, we propose a technique for determining whether obfuscated Android apps are generated from specific open-source app(s) and verifying the proposed method through two experiments. The proposed technique detects open source Android apps based on de-obfuscation as well as Class Hierarchy Information (CHI) of executable code. In the first experiment, after constructing DB with the CHI-based feature information for non-obfuscated Android apps, our technique extracts the CHI-based feature from an obfuscated app, individually compares it with each feature of the DB, and identifies the obfuscated apps as OSS if two features match. In the second experiment, we restore an obfuscated app by de-obfuscation, extract CHI-based feature from the restored app and compare the feature with each feature of the DB. Experimental results show that while the CHI-based feature is robust against control flow and variable renaming obfuscations, it is not effective in class renaming obfuscation.
|
| Å°¿öµå(Keyword) |
¿ÀǼҽº ¼ÒÇÁÆ®¿þ¾î(OSS)
¾Èµå·ÎÀÌµå ¾Û
ÄÚµå ³µ¶È
¿ª³µ¶È
Ŭ·¡½º °èÃþ±¸Á¶
open-source software (OSS)
Android app
code obfuscation
de-obfuscation
class hierarchy
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
