Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

A Framework for Evaluating Mobile App Repackaging Detection Algorithms

  • Conference paper
Trust and Trustworthy Computing (Trust 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7904))

Included in the following conference series:

Abstract

Because it is not hard to reverse engineer the Dalvik bytecode used in the Dalvik virtual machine, Android application repackaging has become a serious problem. With repackaging, a plagiarist can simply steal others’ code violating the intellectual property of the developers. More seriously, after repackaging, popular apps can become the carriers of malware, adware or spy-ware for wide spreading. To maintain a healthy app market, several detection algorithms have been proposed recently, which can catch some types of repackaged apps in various markets efficiently. However, they are generally lack of valid analysis on their effectiveness. After analyzing these approaches, we find simple obfuscation techniques can potentially cause false negatives, because they change the main characteristics or features of the apps that are used for similarity detections. In practice, more sophisticated obfuscation techniques can be adopted (or have already been performed) in the context of mobile apps. We envision this obfuscation based repackaging will become a phenomenon due to the arms race between repackaging and its detection. To this end, we propose a framework to evaluate the obfuscation resilience of repackaging detection algorithms comprehensively. Our evaluation framework is able to perform a set of obfuscation algorithms in various forms on the Dalvik bytecode. Our results provide insights to help gauge both broadness and depth of algorithms’ obfuscation resilience. We applied our framework to conduct a comprehensive case study on AndroGuard, an Android repackaging detector proposed in Black-hat 2011. Our experimental results have demonstrated the effectiveness and stability of our framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Android Apktool: A tool for reengineering android apk files, http://code.google.com/p/android-apktool/

  2. Dalvik virtual machine: code and documentation, http://code.google.com/p/dalvik/

  3. Dasho, preemptive solutions, http://www.preemptive.com/products/dasho

  4. Dex2jar, http://code.google.com/p/dex2jar/

  5. Dexguard, http://www.saikoa.com/dexguard

  6. Dexobf, http://dexlabs.org/blog/bytecode-obfuscation

  7. Dx tool source code, http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.1.2_r1/com/android/dx/ssa/

  8. Gartner says android to command nearly half of worldwide smartphone operating system market by year-end 2012, http://www.gartner.com/it/page.jsp?id=1622614

  9. Klassmaster, http://www.zelix.com/klassmaster/docs/index.html

  10. Oracle Virtual Machine, https://wikis.oracle.com/display/MaxineVM/Home/

  11. ProGuard, http://proguard.sourceforge.net/

  12. Smali/Baksmali, http://code.google.com/p/smali/

  13. Soot: a Java optimization framework, http://www.sable.mcgill.ca/soot/

  14. Wala, http://wala.sourceforge.net/wiki/index.php/

  15. Byte code engineering library (bcel), http://sourceforge.net/projects/javaclass/

  16. Ceccato, M., Di Penta, M., Nagra, J., Falcarin, P., Ricca, F., Torchiano, M., Tonella, P.: Towards experimental evaluation of code obfuscation techniques. In: Proceedings of the 4th ACM Workshop on Quality of Protection, QoP 2008, pp. 39–46. ACM, New York (2008), http://doi.acm.org/10.1145/1456362.1456371

    Google Scholar 

  17. Collberg, C., Myles, G., Huntwork, A.: Sandmarks a tool for software protection research. IEEE Security and Privacy 1(4), 40–49 (2003)

    Article  Google Scholar 

  18. Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical report (1997)

    Google Scholar 

  19. Crussell, J., Gibler, C., Chen, H.: Attack of the clones: Detecting cloned applications on android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37–54. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  20. Desnos, A., Gueguen, G.: Android: From reversing to decompilation. In: Black Hat 2011, Abu Dhabi (2011)

    Google Scholar 

  21. Jhi, Y.-C., Wang, X., Jia, X., Zhu, S., Liu, P., Wu, D.: Value-based program characterization and its application to software plagiarism detection. In: Proceedings of the 33rd International Conference on Software Engineering, pp. 756–765. ACM (2011)

    Google Scholar 

  22. Karnick, M., Macbride, J., Mcginnis, S., Tang, Y., Ramach, R.: A qualitative analysis of Java obfuscation

    Google Scholar 

  23. Li, S.: Juxtapp: A scalable system for detecting code reuse among android applications. Master’s thesis, EECS Department, University of California, Berkeley (May 2012), http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-111.html

  24. Octeau, D., Enck, W., McDaniel, P.: The ded Decompiler. Technical Report NAS-TR-0140-2010, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA (September 2010), http://siis.cse.psu.edu/ded/papers/NAS-TR-0140-2010.pdf

  25. Octeau, D., Jha, S., McDaniel, P.: Retargeting Android Applications to Java Bytecode. In: Proceedings of the 20th International Symposium on the Foundations of Software Engineering (November 2012), http://siis.cse.psu.edu/dare/papers/octeau-fse12.pdf

  26. Wang, X., Jhi, Y.-C., Zhu, S., Liu, P.: Detecting software theft via system call based birthmarks. In: Annual Computer Security Applications Conference, ACSAC 2009, pp. 149–158. IEEE (2009)

    Google Scholar 

  27. Xu, R., Saıdi, H., Anderson, R.: Aurasium: Practical policy enforcement for android applications. In: Proceedings of the 21st USENIX Conference on Security (2012)

    Google Scholar 

  28. You, I., Yim, K.: Malware obfuscation techniques: A brief survey. In: Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (2010)

    Google Scholar 

  29. Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, CODASPY 2012, pp. 317–326. ACM, New York (2012)

    Chapter  Google Scholar 

  30. Zhou, Y., Jiang, X.: Dissecting android malware: Characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy, SP, pp. 95–109. IEEE (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The Pennsylvania State University, USA

    Heqing Huang, Sencun Zhu, Peng Liu & Dinghao Wu

Authors
  1. Heqing Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sencun Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dinghao Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Imperial College London, SW7 2AZ, London, United Kingdom

    Michael Huth

  2. Nokia Research Center, Helsinki, Finland

    N. Asokan

  3. Department of Computer Science, ETH Zurich, Switzerland

    Srdjan ÄŚapkun

  4. University of Oxford, UK

    Ivan Flechais

  5. Information Security Group, Royal Holloway University of London, TW20 0EX, Egham, Surrey, UK

    Lizzie Coles-Kemp

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huang, H., Zhu, S., Liu, P., Wu, D. (2013). A Framework for Evaluating Mobile App Repackaging Detection Algorithms. In: Huth, M., Asokan, N., ÄŚapkun, S., Flechais, I., Coles-Kemp, L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38908-5_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38908-5_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38907-8

  • Online ISBN: 978-3-642-38908-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation