Evaluation of resource-based app repackaging detection in android

Olga Gadyatskaya, Andra Lidia Lezza, Yury Zhauniarovich

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

Android app repackaging threatens the health of application markets, as repackaged apps, besides stealing revenue for honest developers, are also a source of malware distribution. Techniques that rely on visual similarity of Android apps recently emerged as a way to tackle the repackaging detection problem, as code-based detection techniques often fail in terms of efficiency, and effectiveness when obfuscation is applied [19,21]. Among such techniques, the resource-based repackaging detection approach that compares sets of files included in apks has arguably the best performance [10,17,20]. Yet, this approach has not been previously validated on a dataset of repackaged apps. In this paper we report on our evaluation of the approach, and present substantial improvements to it. Our experiments show that the stateof- art tools applying this technique rely on too restrictive thresholds. Indeed, we demonstrate that a very low proportion of identical resource files in two apps is a reliable evidence for repackaging. Furthermore, we have shown that the Overlap similarity score performs better than the Jaccard similarity coefficient used in previous works. By applying machine learning techniques, we give evidence that considering separately the included resource file types significantly improves the detection accuracy of the method. Experimenting with a balanced dataset of more than 2700 app pairs, we show that with our enhancements it is possible to achieve the F-measure of 0. 9919.

Original languageEnglish
Title of host publicationSecure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings
PublisherSpringer Verlag
Pages135-151
Number of pages17
ISBN (Print)9783319475592
DOIs
Publication statusPublished - 1 Jan 2016
Event21st Nordic Conference on Secure IT Systems, NordSec 2016 - Oulu, Finland
Duration: 2 Nov 20164 Nov 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10014 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other21st Nordic Conference on Secure IT Systems, NordSec 2016
CountryFinland
CityOulu
Period2/11/164/11/16

    Fingerprint

Keywords

  • Android security
  • Repackaging
  • Resource files

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Gadyatskaya, O., Lezza, A. L., & Zhauniarovich, Y. (2016). Evaluation of resource-based app repackaging detection in android. In Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings (pp. 135-151). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10014 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-47560-8_9