FSquaDRA: Fast detection of repackaged applications

Yury Zhauniarovich; Olga Gadyatskaya; Bruno Crispo; Francesco La Spina; Ermanno Moser

doi:10.1007/978-3-662-43936-4_9

FSquaDRA: Fast detection of repackaged applications

Yury Zhauniarovich, Olga Gadyatskaya, Bruno Crispo, Francesco La Spina, Ermanno Moser

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

22 Citations (Scopus)

Abstract

The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the "look and feel" of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.

Original language	English
Title of host publication	Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings
Publisher	Springer Verlag
Pages	130-145
Number of pages	16
ISBN (Print)	9783662439357
DOIs	https://doi.org/10.1007/978-3-662-43936-4_9
Publication status	Published - 1 Jan 2014
Externally published	Yes
Event	28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSEC 2014 - Vienna, Austria Duration: 14 Jul 2014 → 16 Jul 2014

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8566 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSEC 2014
Country	Austria
City	Vienna
Period	14/7/14 → 16/7/14

Fingerprint

Keywords

Mobile applications
Repackaging
Smartphones

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Cite this

Zhauniarovich, Y., Gadyatskaya, O., Crispo, B., La Spina, F., & Moser, E. (2014). FSquaDRA: Fast detection of repackaged applications. In Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings (pp. 130-145). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8566 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-662-43936-4_9

FSquaDRA : Fast detection of repackaged applications. / Zhauniarovich, Yury; Gadyatskaya, Olga; Crispo, Bruno; La Spina, Francesco; Moser, Ermanno.

Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings. Springer Verlag, 2014. p. 130-145 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8566 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zhauniarovich, Y, Gadyatskaya, O, Crispo, B, La Spina, F & Moser, E 2014, FSquaDRA: Fast detection of repackaged applications. in Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8566 LNCS, Springer Verlag, pp. 130-145, 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSEC 2014, Vienna, Austria, 14/7/14. https://doi.org/10.1007/978-3-662-43936-4_9

Zhauniarovich Y, Gadyatskaya O, Crispo B, La Spina F, Moser E. FSquaDRA: Fast detection of repackaged applications. In Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings. Springer Verlag. 2014. p. 130-145. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-662-43936-4_9

Zhauniarovich, Yury ; Gadyatskaya, Olga ; Crispo, Bruno ; La Spina, Francesco ; Moser, Ermanno. / FSquaDRA : Fast detection of repackaged applications. Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings. Springer Verlag, 2014. pp. 130-145 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a65b7264559240ae8706fdfa52fa955c,

title = "FSquaDRA: Fast detection of repackaged applications",

abstract = "The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the {"}look and feel{"} of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.",

keywords = "Mobile applications, Repackaging, Smartphones",

author = "Yury Zhauniarovich and Olga Gadyatskaya and Bruno Crispo and {La Spina}, Francesco and Ermanno Moser",

year = "2014",

month = jan

day = "1",

doi = "10.1007/978-3-662-43936-4_9",

language = "English",

isbn = "9783662439357",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "130--145",

booktitle = "Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings",

note = "28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSEC 2014 ; Conference date: 14-07-2014 Through 16-07-2014",

}

TY - GEN

T1 - FSquaDRA

T2 - 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSEC 2014

AU - Zhauniarovich, Yury

AU - Gadyatskaya, Olga

AU - Crispo, Bruno

AU - La Spina, Francesco

AU - Moser, Ermanno

PY - 2014/1/1

Y1 - 2014/1/1

N2 - The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the "look and feel" of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.

AB - The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the "look and feel" of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.

KW - Mobile applications

KW - Repackaging

KW - Smartphones

UR - http://www.scopus.com/inward/record.url?scp=84958537460&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84958537460&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-43936-4_9

DO - 10.1007/978-3-662-43936-4_9

M3 - Conference contribution

AN - SCOPUS:84958537460

SN - 9783662439357

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 130

EP - 145

BT - Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings

PB - Springer Verlag

Y2 - 14 July 2014 through 16 July 2014

ER -

Access to Document

10.1007/978-3-662-43936-4_9