摘要
代码混淆作为一种知识产权的保护手段,经常被开发者用于保护应用程序的代码资源。然而,随着Android市场份额的不断扩大,越来越多的恶意软件也开始使用代码混淆来隐藏其真实意图,对抗常见的检测工具。针对Android系统常见的标识符重命名、字符串加密、Java反射以及应用加壳4种代码混淆手段,在Android软件数据集上进行了调研和分析。分析结果表明,Android恶意软件对代码混淆的使用情况与普通软件差异较大,能够辅助安全工程师对恶意软件进行识别与检测。
As a means of protecting intellectual property,code obfuscation is often used by developers to protect code resources of applications.However,as Android takes bigger and bigger market shares,more and more malware developers start to use code obfuscation to hide their true intentions and counter common detection tools.Aiming at the four common code obfuscation methods in the Android system:identifier renaming,string encryption,Java reflection,and application packing,this paper conducts research and analysis on the Android software dataset.The analysis results indicate that the use of code obfuscation by Android malware is quite different from that of ordinary software,which can be leveraged by analysts to do Android malware recognition and detection.
作者
徐玄骥
董帅克
张智斌
XU Xuanji;DONG Shuaike;ZHANG Zhibin(Kunming University of Science and Technology,Kunming Yunnan 650600,China;Ant Financial Services Group Co.,Ltd.,Hangzhou Zhejiang 310000,China)
出处
《通信技术》
2021年第6期1486-1491,共6页
Communications Technology
关键词
安卓
恶意应用
代码混淆
程序分析
Android
malicious application
code obfuscation
program analysis
