Reference : FSquaDRA: Fast Detection of Repackaged Applications
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/19891
FSquaDRA: Fast Detection of Repackaged Applications
English
Zhauniarovich, Yury [University of Trento]
Gadyatskaya, Olga mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > > ; > CSC/FSTC]
Crispo, Bruno [University of Trento]
La Spina, Francesco [University of Trento]
Moser, Ermanno [University of Trento]
Jul-2014
Data and Applications Security and Privacy XXVIII
Springer
Lecture Notes in Computer Science Volume 8566
130-145
Yes
No
International
28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2014)
14-16 July 2014
[en] Android ; security ; repackaging
[en] The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the “look and feel” of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed.
To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
http://hdl.handle.net/10993/19891

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
Fsquadra_Zhauniarovich2014.pdfAuthor postprint735.63 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.