Reference : Evaluation of Resource-based App Repackaging Detection in Android
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/29223
Evaluation of Resource-based App Repackaging Detection in Android
English
Gadyatskaya, Olga [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Lezza, A.-L.
Zhauniarovich, Y.
2016
Proc. of NordSec
Springer
LNCS 10014
Yes
No
International
The 21st Nordic Conference on Secure IT Systems (NordSec)
from 02-11-2016 to 04-11-2016
Oulu
Finland
[en] Android ; repackaging detection ; app resources
[en] Android app repackaging threatens the health of application markets, as repackaged apps, besides stealing revenue for honest developers, are also a source of malware distribution. Techniques that rely on visual similarity of Android apps recently emerged as a way to tackle the repackaging detection problem, as code-based detection techniques often fail in terms of efficiency, and effectiveness when obfuscation is applied [19,21]. Among such techniques, the resource-based repackaging detection approach that compares sets of files included in apks has arguably the best performance [20,17,10]. Yet, this approach has not been previously validated on a dataset of repackaged apps.
In this paper we report on our evaluation of the approach, and present substantial improvements to it. Our experiments show that the state-of-art tools applying this technique rely on too restrictive thresholds. Indeed, we demonstrate that a very low proportion of identical resource files in two apps is a reliable evidence for repackaging. Furthermore, we have shown that the Overlap similarity score performs better than the Jaccard similarity coefficient used in previous works. By applying machine learning techniques, we give evidence that considering separately the included resource file types significantly improves the detection accuracy of the method. Experimenting with a balanced dataset of more than 2700 app pairs, we show that with our enhancements it is possible to achieve the F-measure of 0.9919.
Interdisciplinary Centre for Security, Reliability and Trust - SnT
Fonds National de la Recherche - FnR
COMMA
Researchers ; Professionals ; Students ; General public
10.1007/978-3-319-47560-8_9
The original publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-47560-8_9
FnR ; FNR10404933 > Olga Gadyatskaya > COMMA > Combating Context-Sensitive Mobile Malware > 01/04/2016 > 31/03/2019 > 2015

File(s) associated to this reference

Fulltext file(s):

File ; Commentary ; Version ; Size ; Access
NordSec-2016-CR.pdf ; ; Author postprint ; 314.47 kB ; Limited access


All documents in ORBilu are protected by a user license.