SPRD：基于应用UI和程序依赖图的Android重打包应用快速检测方法

doi:10.11959/j.issn.1000-436x.2018045

通信学报 ›› 2018, Vol. 39 ›› Issue (3): 159-171.doi: 10.11959/j.issn.1000-436x.2018045

SPRD：基于应用UI和程序依赖图的Android重打包应用快速检测方法

汪润^1,^2,³,王丽娜^1,^2,³,唐奔宵^1,^2,³,赵磊^1,^2,³

¹ 武汉大学空天信息安全与可信计算教育部重点实验室，湖北武汉 430072
² 武汉大学计算机学院，湖北武汉 430072
³ 武汉大学国家网络安全学院，湖北武汉 430072

修回日期:2017-12-21 出版日期:2018-03-01 发布日期:2018-04-02
作者简介:汪润（1991-），男，安徽安庆人，武汉大学博士生，主要研究方向为 Android 安全与隐私、系统安全等。|王丽娜（1964-），女，辽宁营口人，博士，武汉大学教授、博士生导师，主要研究方向为系统安全、网络安全、信息隐藏等。|唐奔宵（1991-），男，湖北黄石人，武汉大学博士生，主要研究方向为移动安全与隐私、系统安全等。|赵磊（1985-），男，山东菏泽人，博士，武汉大学副教授、硕士生导师，主要研究方向为软件安全、系统安全等。
基金资助:
国家自然科学基金资助项目(U1536204);国家自然科学基金资助项目(61672394);国家自然科学基金资助项目(61373169);国家自然科学基金资助项目(61672393);国家高技术研究发展计划（“863”计划）基金资助项目(2015AA016004)

SPRD:fast application repackaging detection approach in Android based on application’s UI and program dependency graph

Run WANG^1,^2,³,Li’na WANG^1,^2,³,Benxiao TANG^1,^2,³,Lei ZHAO^1,^2,³

¹ Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education,Wuhan University,Wuhan 430072,China
² School of Computer,Wuhan University,Wuhan 430072,China
³ School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,China

Revised:2017-12-21 Online:2018-03-01 Published:2018-04-02
Supported by:
The National Natural Science Foundation of China(U1536204);The National Natural Science Foundation of China(61672394);The National Natural Science Foundation of China(61373169);The National Natural Science Foundation of China(61672393);The National High Technology Research and Development Program of China (863 Program)(2015AA016004)

摘要/Abstract

摘要：

研究发现重打包应用通常不修改应用用户交互界面（UI,user interface）的结构，提出一种基于应用 UI和程序代码的两阶段检测方法。首先，设计了一种基于UI抽象表示的散列快速相似性检测方法，识别UI相似的可疑重打包应用；然后，使用程序依赖图作为应用特征表示，实现细粒度、精准的代码克隆检测。基于所提方法实现了一种原型系统——SPRD（scalable and precise repacking detection），实验验证所提方法具有良好的可扩展性和准确性，可以有效地应用于百万级应用和亿万级代码的大规模应用市场。

关键词: 重打包, 代码克隆, 用户界面, 程序依赖图, 安全与隐私

Abstract:

A two stage detection approach which combine application’s UI and program code based on the observation that repackaging applications merely modify the structure of their user interface was proposed.Firstly,a fast hash similarity detection technique based on an abstracted representation of UI to identify the potential visual-similar repackaging applications was designed.Secondly,program dependency graph is used to represent as the feature of app to achieve fine-grained and precise code clone detection.A prototype system,SPRD,was implemented based on the proposed approach.Experimental results show that the proposed approach achieves a good performance in both scalability and accuracy,and can be effectively applied in millions of applications and billions of code detection.

Key words: repackaging, code clone, user interface, program dependency graph, security and privacy

中图分类号:

TP309.1

汪润,王丽娜,唐奔宵,赵磊. SPRD：基于应用UI和程序依赖图的Android重打包应用快速检测方法[J]. 通信学报, 2018, 39(3): 159-171.

Run WANG,Li’na WANG,Benxiao TANG,Lei ZHAO. SPRD:fast application repackaging detection approach in Android based on application’s UI and program dependency graph[J]. Journal on Communications, 2018, 39(3): 159-171.

图/表 14

图1

图2

表1

图3

图4

图5

表2

图6

图7

图8

图9

表3

表4

表5

参考文献 41

[1]	ZHOU Y , JIANG X . Dissecting Android malware:characterization and evolution[C]// IEEE Symposium on Security and Privacy (SP). 2012: 95-109.
[2]	ACAR Y , BACKES M , BUGIEL S ,et al. Sok:lessons learned from Android security research for appified software platforms[C]// 2016 IEEE Symposium on Security and Privacy (SP). 2016: 433-451.
[3]	XU M , SONG C , JI Y ,et al. Toward engineering a secure Android ecosystem:a survey of existing techniques[J]. ACM Computing Surveys (CSUR), 2016,49(2): 38.
[4]	ZHOU W , ZHOU Y , JIANG X ,et al. Detecting repackaged smartphone applications in third-party Android marketplaces[C]// The second ACM conference on Data and Application Security and Privacy. 2012: 317-326.
[5]	HANNA S , HUANG L , WU E ,et al. Juxtapp:a scalable system for detecting code reuse among Android applications[C]// International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment. 2012: 62-81.
[6]	CRUSSELL J , GIBLER C , CHEN H . Attack of the clones:detecting cloned applications on Android markets[C]// European Symposium on Research in Computer Security. 2012: 37-54.
[7]	WANG H , GUO Y , MA Z ,et al. Wukong:a scalable and accurate two-phase approach to Android app clone detection[C]// The 2015 International Symposium on Software Testing and Analysis. 2015: 71-82.
[8]	王浩宇, 王仲禹, 郭耀 ,等. 基于代码克隆检测技术的 Android 应用重打包检测[J]. 中国科学:信息科学, 2014,44(1): 142-157.
	WANG H Y , WANG Z Y , GUO Y ,et al. Detecting repackaged Android applications based on code clone detection technique[J]. Science China Information Sciences, 2014,44(1): 142-157.
[9]	ZHANG F , HUANG H , ZHU S ,et al. ViewDroid:towards obfuscation-resilient mobile application repackaging detection[C]// The 2014 ACM Conference on Security and Privacy in Wireless ＆ Mobile Networks. 2014: 25-36.
[10]	SUN M , LI M , LUI J . Droideagle:seamless detection of visually similar Android apps[C]// The 8th ACM Conference on Security ＆Privacy in Wireless and Mobile Networks. 2015:9.
[11]	焦四辈, 应凌云, 杨轶 ,等. 一种抗混淆的大规模 Android 应用相似性检测方法[J]. 计算机研究与发展, 2014,51(7): 1446-1457.
	JIAO S B , YING L Y , YANG Y ,et al. An anti-obfuscation method for detecting similarity among Android applications in large scale[J]. Journal of Computer Research and Development, 2014,51(7): 1446-1457.
[12]	卿斯汉 . Android 安全研究进展[J]. 软件学报, 2016,27(1): 45-71.
	QING S H . Research progress on Android security[J]. Journal of Software, 2016,27(1): 45-71.
[13]	文伟平, 梅瑞, 宁戈 ,等. Android 恶意软件检测技术分析和应用研究[J]. 通信学报, 2014,35(8): 78-86.
	WEN W P , MEI R , NING G ,et al. Malware detection technology analysis and applied research of Android platform[J]. Journal on Communications, 2014,35(8): 78-86.
[14]	张玉清, 王凯, 杨欢 ,等. Android 安全综述[J]. 计算机研究与发展, 2014,51(7): 1385-1396.
	ZHANG Y Q , WANG K , YANG H ,et al. Survey of Android OS security[J]. Journal of Computer Research and Development, 2014,51(7): 1385-1396.
[15]	李挺, 董航, 袁春阳 ,等. 基于 Dalvik 指令的 Android恶意代码特征描述及验证[J]. 计算机研究与发展, 2014,51(7): 1458-1466.
	LI T , DONG H , YUAN C Y ,et al. Description of Android malware feature based on Dalvik instructions[J]. Journal of Computer Research and Development, 2014,51(7): 1458-1466.
[16]	张玉清, 方喆君, 王凯 ,等. Android 安全漏洞挖掘技术综述[J]. 计算机研究与发展, 2015,52(10): 2167-2177.
	ZHANG Y Q , FANG Z J , WANG K ,et al. Survey of Android vulnerability detection[J]. Journal of Computer Research and Development, 2015,52(10): 2167-2177.
[17]	杨威, 肖旭生, 李邓锋 ,等. 移动应用安全解析学:成果与挑战[J]. 信息安全学报, 2016,1(2): 1-14.
	YANG W , XIAO X S , LI D F ,et al. Security analytics for mobile apps:achievements and challenges[J]. Journal of Cyber Security, 2016,1(2): 1-14.
[18]	刘新宇, 翁健, 张悦 ,等. 基于 APK 签名信息反馈的 Android 恶意应用检测[J]. 通信学报, 2017,38(5): 190-198.
	LIU X Y , WENG J , ZHANG Y ,et al. Android malware detection based on APK signature information feedback[J]. Journal on Communications, 2017,38(5): 190-198.
[19]	FAN M , LIU J , WANG W ,et al. DAPASA:detecting Android piggybacked apps through sensitive subgraph analysis[J]. IEEE Transactions on Information Forensics and Security, 2017,12(8): 1772-1785.
[20]	杨欢, 张玉清, 胡予濮 ,等. 基于多类特征的 Android 应用恶意行为检测系统[J]. 计算机学报, 2014,37(1): 15-27.
	YANG H , ZHANG Y Q , HU Y P ,et al. A malware behavior detection system of Android applications based on multi-class features[J]. Chinese Journal of Computers, 2014,37(1): 15-27.
[21]	ARP D , SPREITZENBARTH M , HUBNER M ,et al. DREBIN:effective and explainable detection of Android malware in your pocket[C]// NDSS. 2014.
[22]	YAN L K , YIN H . DroidScope:seamlessly reconstructing the os and dalvik semantic views for dynamic Android malware analysis[C]// USENIX Security Symposium. 2012: 569-584.
[23]	ARZT S , RASTHOFER S , FRITZ C ,et al. Flowdroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android apps[J]. ACM Sigplan Notices, 2014,49(6): 259-269.
[24]	ENCK W , GILBERT P , HAN S ,et al. TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems (TOCS), 2014,32(2): 5.
[25]	许艳萍, 马兆丰, 王中华 ,等. Android 智能终端安全综述[J]. 通信学报, 2016,37(6): 169-174.
	XU Y P , MA Z F , WANG Z H ,et al. Survey of security for Android smart terminal[J]. Journal on Communications, 2016,37(6): 169-174.
[26]	LI L , LI D , BISSYANDE T F ,et al. Understanding Android App piggybacking[C]// The 39th International Conference on Software Engineering Companion. 2017: 359-361.
[27]	REAVES B , BOWERS J , GORSKI III S A ,et al. Android:assessment and evaluation of Android application analysis tools[J]. ACM Computing Surveys (CSUR), 2016,49(3): 55.
[28]	GONZALEZ H , STAKHANOVA N , GHORBANI A A . Droidkin:lightweight detection of Android apps similarity[C]// International Conference on Security and Privacy in Communication Systems. 2014: 436-453.
[29]	KIM D , GOKHALE A , GANAPATHY V ,et al. Detecting plagiarized mobile apps using API birthmarks[J]. Automated Software Engineering, 2016,23(4): 591-618.
[30]	CHEN K , LIU P , ZHANG Y . Achieving accuracy and scalability simultaneously in detecting application clones on Android markets[C]// The 36th International Conference on Software Engineering. 2014: 175-186.
[31]	CHEN K , WANG P , LEE Y ,et al. Finding unknown malice in 10 seconds:mass vetting for new threats at the Google-Play Scale[C]// USENIX Security. 2015:15.
[32]	ZHOU W , ZHOU Y , GRACE M ,et al. Fast,scalable detection of piggybacked mobile applications[C]// The Third ACM Conference on Data and Application Security and Privacy. 2013: 185-196.
[33]	CRUSSELL J , GIBLER C , CHEN H . Andarwin:scalable detection of semantically similar Android applications[C]// European Symposium on Research in Computer Security. 2013: 182-199.
[34]	SHAO Y , LUO X , QIAN C ,et al. Towards a scalable resource-driven approach for detecting repackaged Android applications[C]// The 30th Annual Computer Security Applications Conference. 2014: 56-65.
[35]	GADYATSKAYA O , LEZZA A L , ZHAUNIAROVICH Y . Evaluation of resource-based App repackaging detection in Android[C]// Nordic Conference on Secure IT Systems. 2016: 135-151.
[36]	SOH C , TAN H B K , ARNATOVICH Y L ,et al. Detecting clones in Android applications through analyzing user interfaces[C]// The 2015 IEEE 23rd International Conference on Program Comprehension. 2015: 163-173.
[37]	CORDELLA L P , FOGGIA P , SANSONE C ,et al. A (sub) graph isomorphism algorithm for matching large graphs[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2004,26(10): 1367-1372.
[38]	LI M , WANG W , WANG P ,et al. Libd:scalable and precise third-party library detection in Android markets[C]// The 39th International Conference on Software Engineering. 2017: 335-346.
[39]	LIU C , CHEN C , HAN J ,et al. GPLAG:detection of software plagiarism by program dependence graph analysis[C]// The 12th ACM SIGKDD International Conference On Knowledge Discovery And Data Mining. 2006: 872-881.
[40]	LI L , BISSYANDé T F , KLEIN J ,et al. An investigation into the use of common libraries in Android apps[C]// 2016 IEEE 23rd International Conference on Software Analysis,Evolution,and Reengineering (SANER). 2016: 403-414.
[41]	LAM P , BODDEN E , LHOTAK O ,et al. The soot framework for Java program analysis:a retrospective[C]// Cetus Users and Compiler Infrastructure Workshop (CETUS 2011). 2011.

ID	层次	父节点	节点抽象表示
a	1	#	linearlayout
b	2	a	relativelayout
c	3	b	imageview
d	3	b	linearlayout
e	3	b	relativelayout
f	3	b	textview
g	4	d	linearlayout
h	4	e	button
i	4	e	progressbar
j	5	g	textview
k	5	g	textview
l	5	g	textview

应用市场	应用数量	比例
Google Play	279 888	27.7%
Baidu	163 756	16.2%
Anzhi	147 578	14.6%
Pandaapp	228 760	22.7%
Opera	189 422	18.8%
总计	1 009 404	100%

预测值	真实值为Y	真实值为N
Y	TP	FP
N	FN	TN

应用市场	重打包应用比例	国家
Google Play	5.23%	美国
Baidu	2.10%	中国
Anzhi	18.90%	中国
Pandaapp	15.20%	美国
Opera	3.70%	欧洲

重打包应用检测方法	检测速度	检测准确率	计算资源开销
基于代码克隆检测	慢	高	大
基于资源文件检测	快	低	中
本文方法	快	高	小

SPRD：基于应用UI和程序依赖图的Android重打包应用快速检测方法

SPRD:fast application repackaging detection approach in Android based on application’s UI and program dependency graph

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 14

参考文献 41

相关文章 3

Metrics

推荐阅读 0

[1]	汪润,唐奔宵,王丽娜. DeepRD：基于Siamese LSTM网络的Android重打包应用检测方法[J]. 通信学报, 2018, 39(8): 69-82.
[2]	罗军舟,金嘉晖,宋爱波,东方. 云计算：体系架构与关键技术[J]. 通信学报, 2011, 32(7): 3-21.
[3]	冯仕红,鹿旭东,万建成. 基于模型的多设备用户界面设计[J]. 通信学报, 2006, 27(11): 55-59.