面向Android支付破解应用的检测方法

Android破解应用存在侵犯合法软件权益和传播恶意代码的风险.为有效检测Android平台上的支付破解应用，提出一种基于机器学习的检测方法.针对反汇编的字节码文件构建了支付语义信息调用控制流和支付数据库操作函数集，通过n-gram和重复代码子块长度统计方法构造相应特征集，最后构建带决策机制的多分类器检测模型以识别Android应用中不同的支付破解行为.实验结果表明，所提检测方法的模型检测精确率为85.24%，AUC值为0.87，与同类方法相比，对支付破解类应用的检测率有显著提高，有效解决了支付破解应用的检测问题.

Detection Method for Android Payment Cracked Application

Android cracked applications have the risks of infringing on legitimate software rights and spreading malicious code. To detect the payment cracked applications on Android platform, we propose a detection method based on machine learning. Based on the disassembled bytecode file, the call control flow of payment semantic information and the payment database operation function set are constructed. We use a n-gram statistical method and a repeated code sub-block length statistical method to construct the corresponding feature set, and build a multi-classifier detection model with a decision-making mechanism to identify different payment cracked behaviors in Android applications. The experimental results show that the detection accuracy rate of this model is 85.24%, and the area under curve (AUC) value is 0.87. Compared with the baseline methods, the detection rate of payment cracked applications is significantly improved, which effectively solves the detection problem of payment cracked applications.