SPRD：基于应用UI和程序依赖图的Android重打包应用快速检测方法

doi:10.11959/j.issn.1000-436x.2018045

Abstract

Abstract:

A two stage detection approach which combine application’s UI and program code based on the observation that repackaging applications merely modify the structure of their user interface was proposed.Firstly,a fast hash similarity detection technique based on an abstracted representation of UI to identify the potential visual-similar repackaging applications was designed.Secondly,program dependency graph is used to represent as the feature of app to achieve fine-grained and precise code clone detection.A prototype system,SPRD,was implemented based on the proposed approach.Experimental results show that the proposed approach achieves a good performance in both scalability and accuracy,and can be effectively applied in millions of applications and billions of code detection.

Key words: repackaging, code clone, user interface, program dependency graph, security and privacy

CLC Number:

TP309.1

Run WANG,Li’na WANG,Benxiao TANG,Lei ZHAO. SPRD:fast application repackaging detection approach in Android based on application’s UI and program dependency graph[J]. Journal on Communications, 2018, 39(3): 159-171.

Figures/Tables 14

References 41

[1]	ZHOU Y , JIANG X . Dissecting Android malware:characterization and evolution[C]// IEEE Symposium on Security and Privacy (SP). 2012: 95-109.
[2]	ACAR Y , BACKES M , BUGIEL S ,et al. Sok:lessons learned from Android security research for appified software platforms[C]// 2016 IEEE Symposium on Security and Privacy (SP). 2016: 433-451.
[3]	XU M , SONG C , JI Y ,et al. Toward engineering a secure Android ecosystem:a survey of existing techniques[J]. ACM Computing Surveys (CSUR), 2016,49(2): 38.
[4]	ZHOU W , ZHOU Y , JIANG X ,et al. Detecting repackaged smartphone applications in third-party Android marketplaces[C]// The second ACM conference on Data and Application Security and Privacy. 2012: 317-326.
[5]	HANNA S , HUANG L , WU E ,et al. Juxtapp:a scalable system for detecting code reuse among Android applications[C]// International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment. 2012: 62-81.
[6]	CRUSSELL J , GIBLER C , CHEN H . Attack of the clones:detecting cloned applications on Android markets[C]// European Symposium on Research in Computer Security. 2012: 37-54.
[7]	WANG H , GUO Y , MA Z ,et al. Wukong:a scalable and accurate two-phase approach to Android app clone detection[C]// The 2015 International Symposium on Software Testing and Analysis. 2015: 71-82.
[8]	王浩宇, 王仲禹, 郭耀 ,等. 基于代码克隆检测技术的 Android 应用重打包检测[J]. 中国科学:信息科学, 2014,44(1): 142-157.
	WANG H Y , WANG Z Y , GUO Y ,et al. Detecting repackaged Android applications based on code clone detection technique[J]. Science China Information Sciences, 2014,44(1): 142-157.
[9]	ZHANG F , HUANG H , ZHU S ,et al. ViewDroid:towards obfuscation-resilient mobile application repackaging detection[C]// The 2014 ACM Conference on Security and Privacy in Wireless ＆ Mobile Networks. 2014: 25-36.
[10]	SUN M , LI M , LUI J . Droideagle:seamless detection of visually similar Android apps[C]// The 8th ACM Conference on Security ＆Privacy in Wireless and Mobile Networks. 2015:9.
[11]	焦四辈, 应凌云, 杨轶 ,等. 一种抗混淆的大规模 Android 应用相似性检测方法[J]. 计算机研究与发展, 2014,51(7): 1446-1457.
	JIAO S B , YING L Y , YANG Y ,et al. An anti-obfuscation method for detecting similarity among Android applications in large scale[J]. Journal of Computer Research and Development, 2014,51(7): 1446-1457.
[12]	卿斯汉 . Android 安全研究进展[J]. 软件学报, 2016,27(1): 45-71.
	QING S H . Research progress on Android security[J]. Journal of Software, 2016,27(1): 45-71.
[13]	文伟平, 梅瑞, 宁戈 ,等. Android 恶意软件检测技术分析和应用研究[J]. 通信学报, 2014,35(8): 78-86.
	WEN W P , MEI R , NING G ,et al. Malware detection technology analysis and applied research of Android platform[J]. Journal on Communications, 2014,35(8): 78-86.
[14]	张玉清, 王凯, 杨欢 ,等. Android 安全综述[J]. 计算机研究与发展, 2014,51(7): 1385-1396.
	ZHANG Y Q , WANG K , YANG H ,et al. Survey of Android OS security[J]. Journal of Computer Research and Development, 2014,51(7): 1385-1396.
[15]	李挺, 董航, 袁春阳 ,等. 基于 Dalvik 指令的 Android恶意代码特征描述及验证[J]. 计算机研究与发展, 2014,51(7): 1458-1466.
	LI T , DONG H , YUAN C Y ,et al. Description of Android malware feature based on Dalvik instructions[J]. Journal of Computer Research and Development, 2014,51(7): 1458-1466.
[16]	张玉清, 方喆君, 王凯 ,等. Android 安全漏洞挖掘技术综述[J]. 计算机研究与发展, 2015,52(10): 2167-2177.
	ZHANG Y Q , FANG Z J , WANG K ,et al. Survey of Android vulnerability detection[J]. Journal of Computer Research and Development, 2015,52(10): 2167-2177.
[17]	杨威, 肖旭生, 李邓锋 ,等. 移动应用安全解析学:成果与挑战[J]. 信息安全学报, 2016,1(2): 1-14.
	YANG W , XIAO X S , LI D F ,et al. Security analytics for mobile apps:achievements and challenges[J]. Journal of Cyber Security, 2016,1(2): 1-14.
[18]	刘新宇, 翁健, 张悦 ,等. 基于 APK 签名信息反馈的 Android 恶意应用检测[J]. 通信学报, 2017,38(5): 190-198.
	LIU X Y , WENG J , ZHANG Y ,et al. Android malware detection based on APK signature information feedback[J]. Journal on Communications, 2017,38(5): 190-198.
[19]	FAN M , LIU J , WANG W ,et al. DAPASA:detecting Android piggybacked apps through sensitive subgraph analysis[J]. IEEE Transactions on Information Forensics and Security, 2017,12(8): 1772-1785.
[20]	杨欢, 张玉清, 胡予濮 ,等. 基于多类特征的 Android 应用恶意行为检测系统[J]. 计算机学报, 2014,37(1): 15-27.
	YANG H , ZHANG Y Q , HU Y P ,et al. A malware behavior detection system of Android applications based on multi-class features[J]. Chinese Journal of Computers, 2014,37(1): 15-27.
[21]	ARP D , SPREITZENBARTH M , HUBNER M ,et al. DREBIN:effective and explainable detection of Android malware in your pocket[C]// NDSS. 2014.
[22]	YAN L K , YIN H . DroidScope:seamlessly reconstructing the os and dalvik semantic views for dynamic Android malware analysis[C]// USENIX Security Symposium. 2012: 569-584.
[23]	ARZT S , RASTHOFER S , FRITZ C ,et al. Flowdroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android apps[J]. ACM Sigplan Notices, 2014,49(6): 259-269.
[24]	ENCK W , GILBERT P , HAN S ,et al. TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems (TOCS), 2014,32(2): 5.
[25]	许艳萍, 马兆丰, 王中华 ,等. Android 智能终端安全综述[J]. 通信学报, 2016,37(6): 169-174.
	XU Y P , MA Z F , WANG Z H ,et al. Survey of security for Android smart terminal[J]. Journal on Communications, 2016,37(6): 169-174.
[26]	LI L , LI D , BISSYANDE T F ,et al. Understanding Android App piggybacking[C]// The 39th International Conference on Software Engineering Companion. 2017: 359-361.
[27]	REAVES B , BOWERS J , GORSKI III S A ,et al. Android:assessment and evaluation of Android application analysis tools[J]. ACM Computing Surveys (CSUR), 2016,49(3): 55.
[28]	GONZALEZ H , STAKHANOVA N , GHORBANI A A . Droidkin:lightweight detection of Android apps similarity[C]// International Conference on Security and Privacy in Communication Systems. 2014: 436-453.
[29]	KIM D , GOKHALE A , GANAPATHY V ,et al. Detecting plagiarized mobile apps using API birthmarks[J]. Automated Software Engineering, 2016,23(4): 591-618.
[30]	CHEN K , LIU P , ZHANG Y . Achieving accuracy and scalability simultaneously in detecting application clones on Android markets[C]// The 36th International Conference on Software Engineering. 2014: 175-186.
[31]	CHEN K , WANG P , LEE Y ,et al. Finding unknown malice in 10 seconds:mass vetting for new threats at the Google-Play Scale[C]// USENIX Security. 2015:15.
[32]	ZHOU W , ZHOU Y , GRACE M ,et al. Fast,scalable detection of piggybacked mobile applications[C]// The Third ACM Conference on Data and Application Security and Privacy. 2013: 185-196.
[33]	CRUSSELL J , GIBLER C , CHEN H . Andarwin:scalable detection of semantically similar Android applications[C]// European Symposium on Research in Computer Security. 2013: 182-199.
[34]	SHAO Y , LUO X , QIAN C ,et al. Towards a scalable resource-driven approach for detecting repackaged Android applications[C]// The 30th Annual Computer Security Applications Conference. 2014: 56-65.
[35]	GADYATSKAYA O , LEZZA A L , ZHAUNIAROVICH Y . Evaluation of resource-based App repackaging detection in Android[C]// Nordic Conference on Secure IT Systems. 2016: 135-151.
[36]	SOH C , TAN H B K , ARNATOVICH Y L ,et al. Detecting clones in Android applications through analyzing user interfaces[C]// The 2015 IEEE 23rd International Conference on Program Comprehension. 2015: 163-173.
[37]	CORDELLA L P , FOGGIA P , SANSONE C ,et al. A (sub) graph isomorphism algorithm for matching large graphs[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2004,26(10): 1367-1372.
[38]	LI M , WANG W , WANG P ,et al. Libd:scalable and precise third-party library detection in Android markets[C]// The 39th International Conference on Software Engineering. 2017: 335-346.
[39]	LIU C , CHEN C , HAN J ,et al. GPLAG:detection of software plagiarism by program dependence graph analysis[C]// The 12th ACM SIGKDD International Conference On Knowledge Discovery And Data Mining. 2006: 872-881.
[40]	LI L , BISSYANDé T F , KLEIN J ,et al. An investigation into the use of common libraries in Android apps[C]// 2016 IEEE 23rd International Conference on Software Analysis,Evolution,and Reengineering (SANER). 2016: 403-414.
[41]	LAM P , BODDEN E , LHOTAK O ,et al. The soot framework for Java program analysis:a retrospective[C]// Cetus Users and Compiler Infrastructure Workshop (CETUS 2011). 2011.

Metrics

Recommended 0

No Suggested Reading articles found!

ID	层次	父节点	节点抽象表示
a	1	#	linearlayout
b	2	a	relativelayout
c	3	b	imageview
d	3	b	linearlayout
e	3	b	relativelayout
f	3	b	textview
g	4	d	linearlayout
h	4	e	button
i	4	e	progressbar
j	5	g	textview
k	5	g	textview
l	5	g	textview

应用市场	应用数量	比例
Google Play	279 888	27.7%
Baidu	163 756	16.2%
Anzhi	147 578	14.6%
Pandaapp	228 760	22.7%
Opera	189 422	18.8%
总计	1 009 404	100%

预测值	真实值为Y	真实值为N
Y	TP	FP
N	FN	TN

应用市场	重打包应用比例	国家
Google Play	5.23%	美国
Baidu	2.10%	中国
Anzhi	18.90%	中国
Pandaapp	15.20%	美国
Opera	3.70%	欧洲

重打包应用检测方法	检测速度	检测准确率	计算资源开销
基于代码克隆检测	慢	高	大
基于资源文件检测	快	低	中
本文方法	快	高	小

SPRD:fast application repackaging detection approach in Android based on application’s UI and program dependency graph

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 41

Related Articles 3

Metrics

Recommended 0

[1]	Run WANG,Benxiao TANG,Li’na WANG. DeepRD:LSTM-based Siamese network for Android repackaged applications detection [J]. Journal on Communications, 2018, 39(8): 69-82.
[2]	Jun-zhou LUO,Jia-hui JIN,Ai-bo SONG,Fang DONG. Cloud computing:architecture and key technologies [J]. Journal on Communications, 2011, 32(7): 3-21.
[3]	Shi-hong FENG,Xu-dong LU,Jian-cheng WAN. Model based multi-devices user interface design [J]. Journal on Communications, 2006, 27(11): 55-59.