Identify and Inspect Libraries in Android Applications

Libraries may become a liability for users security. Existing studies show that libraries can be exploited to propagate malware. Hackers utilize fake or modified libraries to execute malicious behaviours. Vetting library instances in applications are desirable. However, it is impeded by the absence of robust library detection method and library vetting method. This paper proposes a hybrid library detection method that it combines name-based method and feature-based method to identify library instances in applications. It can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that it utilizes frequent pattern to measure the normal degree of library instances. Comparing with existing methods, the abnormal library detection method can not rely on original library files. A ground truth dataset that it consists of 177 malicious applications with abnormal library instance and 81,317 benign apps is used to demonstrate the effectiveness of proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection.