Towards a scalable resource-driven approach for detecting repackaged Android applications

Proceedings of the 30th Annual Computer Security Applications Conference Pub Date : 2014-12-08 DOI:10.1145/2664243.2664275

Yuru Shao, Xiapu Luo, Chenxiong Qian, Peng Fei Zhu, Lei Zhang

{"title":"Towards a scalable resource-driven approach for detecting repackaged Android applications","authors":"Yuru Shao, Xiapu Luo, Chenxiong Qian, Peng Fei Zhu, Lei Zhang","doi":"10.1145/2664243.2664275","DOIUrl":null,"url":null,"abstract":"Repackaged Android applications (or simply apps) are one of the major sources of mobile malware and also an important cause of severe revenue loss to app developers. Although a number of solutions have been proposed to detect repackaged apps, the majority of them heavily rely on code analysis, thus suffering from two limitations: (1) poor scalability due to the billion opcode problem; (2) unreliability to code obfuscation/app hardening techniques. In this paper, we explore an alternative approach that exploits core resources, which have close relationships with codes, to detect repackaged apps. More precisely, we define new features for characterizing apps, investigate two kinds of algorithms for searching similar apps, and propose a two-stage methodology to speed up the detection. We realize our approach in a system named ResDroid and conduct large scale evaluation on it. The results show that ResDroid can identify repackaged apps efficiently and effectively even if they are protected by obfuscation or hardening systems.","PeriodicalId":104443,"journal":{"name":"Proceedings of the 30th Annual Computer Security Applications Conference","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"102","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 30th Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2664243.2664275","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 102

Abstract

Repackaged Android applications (or simply apps) are one of the major sources of mobile malware and also an important cause of severe revenue loss to app developers. Although a number of solutions have been proposed to detect repackaged apps, the majority of them heavily rely on code analysis, thus suffering from two limitations: (1) poor scalability due to the billion opcode problem; (2) unreliability to code obfuscation/app hardening techniques. In this paper, we explore an alternative approach that exploits core resources, which have close relationships with codes, to detect repackaged apps. More precisely, we define new features for characterizing apps, investigate two kinds of algorithms for searching similar apps, and propose a two-stage methodology to speed up the detection. We realize our approach in a system named ResDroid and conduct large scale evaluation on it. The results show that ResDroid can identify repackaged apps efficiently and effectively even if they are protected by obfuscation or hardening systems.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

朝着一个可扩展的资源驱动的方法来检测重新打包的Android应用程序

重新打包的Android应用程序(或简称应用程序)是移动恶意软件的主要来源之一，也是应用程序开发商严重损失收入的重要原因。虽然已经提出了许多检测重新打包应用程序的解决方案，但大多数解决方案严重依赖于代码分析，因此受到两个限制:(1)由于十亿操作码问题而导致的可扩展性差;(2)代码混淆/应用程序加固技术的不可靠性。在本文中，我们探索了一种替代方法，利用与代码密切相关的核心资源来检测重新打包的应用程序。更准确地说，我们定义了表征应用程序的新特征，研究了两种搜索类似应用程序的算法，并提出了一种两阶段的方法来加快检测速度。我们在一个名为ResDroid的系统中实现了我们的方法，并对其进行了大规模的评估。结果表明，ResDroid可以高效地识别重新打包的应用程序，即使它们受到混淆或强化系统的保护。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 30th Annual Computer Security Applications Conference

自引率

0.00%

发文量