Abstract
Nowadays the security issues of Android applications (apps) are more and more serious. One of the main security threats come from repackaged apps. There already are some researches detecting repackaged apps using similarity measurement. However, so far, all the existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. In this paper, we propose a novel approach called ImageStruct that applies image similarity technique to locate and detect the changes coming from repackaging effectively. ImageStruct performs a quick repackaging detection by considering the similarity of images in target apps. The intuition behind our approach is that the repackaged apps still need to maintain the ”look and feel” of the original apps by including the original images, even they might have their additional code included or some of the original code removed. To prove the effectiveness and evaluate the reliability of our approach, we carry out the compare experiments between ImageStruct and the code based similarity scores of AndroGuard. The results demonstrate that ImageStruct is not only with good performance and scalability, but also able to resistant to code obfuscation.
An erratum for this chapter can be found at http://dx.doi.org/10.1007/978-3-319-17533-1_39
An erratum to this chapter can be found at http://dx.doi.org/10.1007/978-3-319-17533-1_39
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Strategy Analytics. Strategy analytics: 85% of phones shipped last quarter run android (2014), http://bgr.com/2014/07/31/android-vs-ios-vs-windows-phone-vs-blackberry/
anthony.desnos@gmail.com. Androguard: Reverse engineering, malware and goodware analysis of android applications (2013), https://code.google.com/p/androguard/
AppBrain. Number of android applications (2014), http://www.appbrain.com/stats/number-of-android-apps
Cilibrasi, R., Vitanyi, P.M.B.: Clustering by compression. IEEE Transactions on Information Theory 51(4), 1523–1545 (2005)
Crussell, J., Gibler, C., Chen, H.: Attack of the clones: Detecting cloned applications on android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37–54. Springer, Heidelberg (2012), http://dx.doi.org/10.1007/978-3-642-33167-1_3
Desnos, A.: Android: Static analysis using similarity distance. In: 2012 45th Hawaii International Conference on System Science (HICSS), pp. 5394–5403 (January 2012)
Evan, K., David, S.: Phash (2014), http://www.phash.org/
Hanna, S., Huang, L., Wu, E., Li, S., Chen, C., Song, D.: Juxtapp: A scalable system for detecting code reuse among android applications. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 62–81. Springer, Heidelberg (2013), http://dx.doi.org/10.1007/978-3-642-37300-8_4
Hu, W., Tao, J., Ma, X., Zhou, W., Zhao, S., Han, T.: Migdroid: Detecting app-repackaging android malware via method invocation graph. In: 2014 23rd International Conference on Computer Communication and Networks (ICCCN), pp. 1–7 (August 2014)
Huang, H., Zhu, S., Liu, P., Wu, D.: A framework for evaluating mobile app repackaging detection algorithms. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds.) TRUST 2013. LNCS, vol. 7904, pp. 169–186. Springer, Heidelberg (2013)
Google Inc. Android dvelopment guide: Signing your applications (2014), http://developer.android.com/guide/publishing/app-signing.html
Oracle Inc. Mysql (2014), http://www.mysql.com/
Symantec Inc. Android threats getting steamy (May 7 (2011), http://www.symantec.com/connect/blogs/android-threats-getting-steamy
J. Craig Venter Institute. Sift (2014), http://sift.jcvi.org/
Li, S.: Juxtapp and DStruct: Detection of Similarity Among Android Applications. PhD thesis, EECS Department, University of California, Berkeley (2012)
Oberheide, J.: Dissecting the android bouncer (2012), https://jon.oberheide.org/files/summercon12-bouncer.pdf
Sanfilippo, S.: Redis (2014), http://redis.io/topics/sponsors
Studios, H.: Fruit ninja (2013), http://halfbrick.com/
Ulrich, B., Paolo, M.C., Clemens, H., Christopher, K., Engin, K.: Scalable, behavior-based malware clustering. In: Proceedings of Network and Distributed System Security Symposium 2009. Citeseer (2009)
Wikipedia. Color histogram (2014), http://en.wikipedia.org/wiki/Color_histogram
Zhou, W., Zhou, Y., Grace, M., Jiang, X., Zou, S.: Fast, scalable detection of “piggybacked” mobile applications. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 185–196. ACM (2013)
Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, pp. 317–326. ACM (2012)
Zhou, Y., Jiang, X.: Dissecting android malware: Characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95–109 (May 2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Jiao, S., Cheng, Y., Ying, L., Su, P., Feng, D. (2015). A Rapid and Scalable Method for Android Application Repackaging Detection. In: Lopez, J., Wu, Y. (eds) Information Security Practice and Experience. ISPEC 2015. Lecture Notes in Computer Science(), vol 9065. Springer, Cham. https://doi.org/10.1007/978-3-319-17533-1_24
Download citation
DOI: https://doi.org/10.1007/978-3-319-17533-1_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17532-4
Online ISBN: 978-3-319-17533-1
eBook Packages: Computer ScienceComputer Science (R0)