Abstract
The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the "look and feel" of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.
Original language | English |
---|---|
Title of host publication | Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings |
Publisher | Springer Verlag |
Pages | 130-145 |
Number of pages | 16 |
ISBN (Print) | 9783662439357 |
DOIs | |
Publication status | Published - 1 Jan 2014 |
Externally published | Yes |
Event | 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSEC 2014 - Vienna, Austria Duration: 14 Jul 2014 → 16 Jul 2014 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 8566 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Other
Other | 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSEC 2014 |
---|---|
Country | Austria |
City | Vienna |
Period | 14/7/14 → 16/7/14 |
Fingerprint
Keywords
- Mobile applications
- Repackaging
- Smartphones
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)
Cite this
FSquaDRA : Fast detection of repackaged applications. / Zhauniarovich, Yury; Gadyatskaya, Olga; Crispo, Bruno; La Spina, Francesco; Moser, Ermanno.
Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings. Springer Verlag, 2014. p. 130-145 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8566 LNCS).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - FSquaDRA
T2 - Fast detection of repackaged applications
AU - Zhauniarovich, Yury
AU - Gadyatskaya, Olga
AU - Crispo, Bruno
AU - La Spina, Francesco
AU - Moser, Ermanno
PY - 2014/1/1
Y1 - 2014/1/1
N2 - The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the "look and feel" of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.
AB - The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the "look and feel" of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score.
KW - Mobile applications
KW - Repackaging
KW - Smartphones
UR - http://www.scopus.com/inward/record.url?scp=84958537460&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84958537460&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-43936-4_9
DO - 10.1007/978-3-662-43936-4_9
M3 - Conference contribution
AN - SCOPUS:84958537460
SN - 9783662439357
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 130
EP - 145
BT - Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings
PB - Springer Verlag
ER -