FSquaDRA: Fast Detection of Repackaged Applications

Zhauniarovich, Yury; GADYATSKAYA, Olga; Crispo, Bruno; La Spina, Francesco; Moser, Ermanno

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

FSquaDRA: Fast Detection of Repackaged Applications

Zhauniarovich, Yury; GADYATSKAYA, Olga; Crispo, Bruno et al.

2014 • In Data and Applications Security and Privacy XXVIII

Peer reviewed

Permalink
https://hdl.handle.net/10993/19891

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

Fsquadra_Zhauniarovich2014.pdf

Author postprint (753.29 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Android; security; repackaging

Abstract :

[en] The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the “look and feel” of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT)

Disciplines :

Computer science

Author, co-author :

Zhauniarovich, Yury; University of Trento

GADYATSKAYA, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) ; CSC/FSTC

Crispo, Bruno; University of Trento

La Spina, Francesco; University of Trento

Moser, Ermanno; University of Trento

External co-authors :

yes

Language :

English

Title :

FSquaDRA: Fast Detection of Repackaged Applications

Publication date :

July 2014

Event name :

28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2014)

Event date :

14-16 July 2014

Audience :

International

Main work title :

Data and Applications Security and Privacy XXVIII

Publisher :

Springer

Collection name :

Lecture Notes in Computer Science Volume 8566

Pages :

130-145

Peer reviewed :

Peer reviewed

Available on ORBilu :

since 02 February 2015

Statistics

Number of views

123 (3 by Unilu)

Number of downloads

657 (9 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

WoS citations^™

Bibliography

ActionBarSherlock, http://actionbarsherlock.com/
AndroGuard: Reverse engineering, Malware and goodware analysis of Android applications, https://code.google.com/p/androguard/
Android-apktool: A tool for reverse engineering Android apk files, https://code. google.com/p/android-apktool/
Smali: An assembler/disassembler for Android's dex format, https://code.google.com/p/smali/
Cilibrasi, R., Vit́anyi, P.M.B.: Clustering by compression. IEEE Transactions on Information Theory 51, 1523-1545 (2005)
Crussell, J., Gibler, C., Chen, H.: Attack of the clones: Detecting cloned applications on android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37-54. Springer, Heidelberg (2012)
Crussell, J., Gibler, C., Chen, H.: Scalable semantics-based detection of similar android applications. In: Proc. of Esorics 2013 (2013)
Desnos, A.: Android: Static analysis using similarity distance. In: Proc. of HICSS 2012, pp. 5394-5403 (2012)
Gibler, C., Stevens, R., Crussell, J., Chen, H., Zang, H., Choi, H.: Adrob: examining the landscape and impact of android application plagiarism. In: Proc. of MobiSys 2013, pp. 431-444 (2013)
Hanna, S., Huang, L., Wu, E., Li, S., Chen, C., Song, D.: Juxtapp: A scalable system for detecting code reuse among android applications. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 62-81. Springer, Heidelberg (2013)
Huang, H., Zhu, S., Liu, P., Wu, D.: A framework for evaluating mobile app repack-aging detection algorithms. In: Huth, M., Asokan, N., Capkun, S., Flechais, I., Coles-Kemp, L. (eds.) TRUST 2013. LNCS, vol. 7904, pp. 169-186. Springer, Heidelberg (2013)
Potharaju, R., Newell, A., Nita-Rotaru, C., Zhang, X.: Plagiarizing smartphone applications: attack strategies and defense techniques. In: Barthe, G., Livshits, B., Scandariato, R. (eds.) ESSoS 2012. LNCS, vol. 7159, pp. 106-120. Springer, Heidelberg (2012)
Protalinski, E.: Warning: New Android malware tricks users with real Opera Mini (July 2012), http://www.zdnet.com/warning-new-android-malware-tricks- users-with-real-opera-mini-7000001586/
Vidas, T., Christin, N.: Sweetening android lemon markets: measuring and combating malware in application marketplaces. In: Proc. of CODASPY 2013, pp. 197-208 (2013)
Zhou, W., Zhou, Y., Grace, M., Jiang, X., Zou, S.: Fast, scalable detection of "pig-gybacked" mobile applications. In: Proc. of CODASPY 2013, pp. 185-196 (2013)
Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proc. of CODASPY 2012, pp. 317-326 (2012)