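1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, Hubei
2. School of Computer Science, Wuhan University, Wuhan 430072, Hubei
3. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei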
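Run WANG (born 1991), male, from Anqing, Anhui; Ph.D. candidate at Wuhan University. His main research interests include Android security and privacy, and system security.
Li'na WANG (born 1964), female, from Yingkou, Liaoning; Ph.D., professor and doctoral supervisor at Wuhan University. Her main research interests include system security, network security, and information hiding.
Benxiao TANG (born 1991), male, from Huangshi, Hubei; Ph.D. candidate at Wuhan University. His main research interests include mobile security and privacy, and system security.
Lei ZHAO (born 1985), male, from Heze, Shandong; Ph.D., associate professor and master's supervisor at Wuhan University. His main research interests include software security and system security.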
Online publication date: 2018-03
Print publication date: 2018-03-25
Run WANG, Li'na WANG, Benxiao TANG, et al. SPRD: fast application repackaging detection approach in Android based on application's UI and program dependency graph[J]. Journal on Communications, 2018, 39(3): 159-171. DOI: 10.11959/j.issn.1000-436x.2018045.
Based on the observation that repackaged applications usually do not modify the structure of the application's user interface (UI), a two-stage detection approach that combines the application's UI and program code is proposed. First, a fast hash-based similarity detection technique built on an abstracted representation of the UI is designed to identify suspicious repackaged applications whose UIs are similar. Second, the program dependency graph is used as the feature representation of an application to achieve fine-grained and precise code clone detection. A prototype system, SPRD (scalable and precise repacking detection), was implemented based on the proposed approach. Experimental results show that the approach achieves good scalability and accuracy, and can be applied effectively to large-scale application markets with millions of applications and code on the scale of billions.