Evaluation of Resource-based App Repackaging Detection in Android

Gadyatskaya, Olga; Lezza, A.-L.; Zhauniarovich, Y.

doi:10.1007/978-3-319-47560-8_9

Request a copy

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Evaluation of Resource-based App Repackaging Detection in Android

Gadyatskaya, Olga; Lezza, A.-L.; Zhauniarovich, Y.

2016 • In Proc. of NordSec

Peer reviewed

Permalink
https://hdl.handle.net/10993/29223

DOI
10.1007/978-3-319-47560-8_9

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

NordSec-2016-CR.pdf

Author postprint (322.02 kB)

Request a copy

The original publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-47560-8_9

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Android; repackaging detection; app resources

Abstract :

[en] Android app repackaging threatens the health of application markets, as repackaged apps, besides stealing revenue for honest developers, are also a source of malware distribution. Techniques that rely on visual similarity of Android apps recently emerged as a way to tackle the repackaging detection problem, as code-based detection techniques often fail in terms of effi ciency, and e ffectiveness when obfuscation is applied [19,21]. Among such techniques, the resource-based repackaging detection approach that compares sets of files included in apks has arguably the best performance [20,17,10]. Yet, this approach has not been previously validated on a dataset of repackaged apps. In this paper we report on our evaluation of the approach, and present substantial improvements to it. Our experiments show that the state-of-art tools applying this technique rely on too restrictive thresholds. Indeed, we demonstrate that a very low proportion of identical resource files in two apps is a reliable evidence for repackaging. Furthermore, we have shown that the Overlap similarity score performs better than the Jaccard similarity coe fficient used in previous works. By applying machine learning techniques, we give evidence that considering separately the included resource fi le types signi cantly improves the detection accuracy of the method. Experimenting with a balanced dataset of more than 2700 app pairs, we show that with our enhancements it is possible to achieve the F-measure of 0.9919.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust - SnT

Disciplines :

Computer science

Author, co-author :

Gadyatskaya, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Lezza, A.-L.

Zhauniarovich, Y.

External co-authors :

yes

Language :

English

Title :

Evaluation of Resource-based App Repackaging Detection in Android

Publication date :

2016

Event name :

The 21st Nordic Conference on Secure IT Systems (NordSec)

Event place :

Oulu, Finland

Event date :

from 02-11-2016 to 04-11-2016

Audience :

International

Main work title :

Proc. of NordSec

Publisher :

Springer

Collection name :

LNCS 10014

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

FnR Project :

FNR10404933 - Combating Context-sensitive Mobile Malware, 2015 (01/04/2016-31/03/2019) - Olga Gadyatskaya

Name of the research project :

COMMA

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 02 January 2017

Statistics

Number of views

112 (6 by Unilu)

Number of downloads

1 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Chen, K., Liu, P., Zhang, Y.: Achieving accuracy and scalability simultaneously in detecting application clones on Android markets. In: Proceedings of ICSE. IEEE/ACM (2014)
Chen, K., Wang, P., Lee, Y., Wang, X., Zhang, N., Huang, H., Zou, W., Liu, P.: Finding unknown malice in 10 s: mass vetting for new threats at the Google-Play scale. In: Proceedings of USENIX Security Symposium (2015)
Crussell, J., Gibler, C., Chen, H.: Attack of the clones: detecting cloned applications on Android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37–54. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33167-1_3
Crussell, J., Gibler, C., Chen, H.: Scalable semantics-based detection of similar Android applications. In: Proceedings of ESORICS (2013)
Desnos, A.: Android: static analysis using similarity distance. In: Proceedings of HICSS 2012, pp. 5394–5403 (2012)
Gadyatskaya, O., Massacci, F., Zhauniarovich, Y.: Security in the Firefox OS and Tizen mobile platforms. IEEE Comput. 47(6), 57–63 (2014)
Gonzalez, H., Kadir, A., Stackanova, N., Alzahrani, A., Ghorbani, A.: Exploring reverse engineering symptoms in Android apps. In: Proceedings of EuroSec. ACM (2015)
Guan, Q., Huang, H., Luo, W., Zhu, S.: Semantics-based repackaging detection for mobile apps. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 89–105. Springer, Heidelberg (2016). doi:10.1007/978-3-319-30806-7_6
Hanna, S., Huang, L., Wu, E., Li, S., Chen, C., Song, D.: Juxtapp: a scalable system for detecting code reuse among Android applications. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 62–81. Springer, Heidelberg (2013). doi:10.1007/978-3-642-37300-8_4
Ishii, Y., Watanabe, T., Akiyama, M., Mori, T.: Clone or relative? Understanding the originals of similar Android apps. In: Proceedings of IWSPA. ACM (2016)
Li, L., Li, D., Bissyandé, T.F., Lo, D., Klein, J., Le Traon, Y.: Ungrafting malicious code from piggybacked Android apps. Technical report, SnT, University of Luxembourg (2016)
Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., Ioannidis, S.: AndRadar: fast discovery of Android applications in alternative markets. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 51–71. Springer, Heidelberg (2014). doi:10.1007/978-3-319-08509-8_4
Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)
Saeys, Y., Inza, I., Larrañaga, P.: A review of feature selection techniques in bioinformatics. Bioinformatics 23(19), 2507–2517 (2007)
Shao, Y., Luo, X., Qian, C., Zhu, P., Zhang, L.: Towards a scalable resourcedriven approach for detecting repackaged Android applications. In: Proceedings of ACSAC. ACM (2014)
Sun, M., Li, M., Lui, J.: DroidEagle: seamless detection of visually similar Android apps. In: Proceedings of WiSec. ACM (2015)
Viennot, N., Garcia, E., Nieh, J.: A measurement study of Google Play. In: Proceedings of SIGMETRICS. ACM (2014)
Wang, H., Guo, Y., Ma, Z., Chen, X.: WuKong: a scalable and accurate two-phase approach to Android app clone detection. In: Proceedings of ISSTA. ACM (2015)
Zhang, F., Huang, H., Zhu, S., Wu, D., Liu, P.: ViewDroid: towards obfuscationresilient mobile application repackaging detection. In: Proceedings of WiSec. ACM (2014)
Zhauniarovich, Y., Gadyatskaya, O., Crispo, B., La Spina, F., Moser, E.: FSquaDRA: fast detection of repackaged applications. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 130–145. Springer, Heidelberg (2014). doi:10.1007/978-3-662-43936-4_9
Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., Crispo, B., Massacci, F.: Sta- DynA: addressing the problem of dynamic code updates in the security analysis of Android applications. In: Proceedings of CODASPY (2015)
Zhauniarovich, Y., Gadyatskaya, O.: Small changes, big changes: an updated view on the Android permission system. In: Monrose, F., Dacier, M., Blanc, G., Garcia- Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 346–367. Springer International Publishing, Switzerland (2016). doi:10.1007/978-3-319-45719-2_16
Zhauniarovich, Y., Gadyatskaya, O., Crispo, B.: Demo: enabling trusted stores for Android. In: Proceedings of CCS, pp. 1345–1348. ACM (2013)
Zhauniarovich, Y., Philippov, A., Gadyatskaya, O., Crispo, B., Massacci, F.: Towards black box testing of Android apps. In: Proceedings of Software Assurance Workshop at ARES, pp. 501–510 (2015)
Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of CODASPY (2012)
Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: Proceedings of S& P. IEEE (2012)