Scalable and Obfuscation-Resilient Android App Repackaging Detection Based on Behavior Birthmark
Published in | 2017 24th Asia Pacific Software Engineering Conference (APSEC) pp. 476 - 485 |
---|---|
Main Authors | Yuan, Cangzhou; Wei, Shenhong; Zhou, Chengjian; Guo, Jiangtao; Xiang, Hongyue |
Format | Conference Proceeding |
Language | English |
Published | IEEE, 01.12.2017 |
Abstract | Repackaged Android apps are the major source of Android malware, which not only compromise the pecuniary profit of original authors, but also pose a threat to the security and privacy of mobile users. Although a large number of birthmark-based approaches have been proposed for Android repackaging detection, the majority of them rely heavily on the code instruction details, thus suffering from the following two limitations: (1) being subject to code/resource obfuscation technologies; (2) failing at large-scale repackaging detection. In this paper, we propose a novel behavior-based approach for Android repackaging detection to meet scalability and obfuscation-resilience at the same time. As the repackaged app always keeps the basic functionalities of the original one for leveraging its popularity, they usually have similar behaviors. This observation inspires us to design the new behavior-based birthmark for Android repackaging detection, namely, API dependency graph. To further improve the detection performance, we also introduce a system dependency summary graph based ADG extraction approach for high-efficiency birthmark construction. We implement a prototype system named ACFinder and evaluate our system using 13,917 apps of 22 categories collected from APK-DL. Experiments show that ACFinder can extract the behavior birthmark efficiently (average 52.9s per app), and that our behavior birthmark is resilient to complex code obfuscation technologies (the average app similarities are all 1.0 for 11 code obfuscation algorithms) and capable of large-scale detection (average 0.37s per app pair). |
---|---|
Author | Zhou, Chengjian; Xiang, Hongyue; Yuan, Cangzhou; Guo, Jiangtao; Wei, Shenhong |
CODEN | IEEPAD |
ContentType | Conference Proceeding |
DOI | 10.1109/APSEC.2017.54 |
Discipline | Computer Science |
EISBN | 1538636816 9781538636817 |
EndPage | 485 |
ExternalDocumentID | 8305970 |
Genre | orig-research |
IsPeerReviewed | false |
IsScholarly | true |
Language | English |
PageCount | 10 |
PublicationDate | 2017-Dec. |
PublicationTitle | 2017 24th Asia Pacific Software Engineering Conference (APSEC) |
PublicationTitleAbbrev | APSEC |
PublicationYear | 2017 |
Publisher | IEEE |
StartPage | 476 |
SubjectTerms | Android repackaging; Androids; Behavior birthmark; Humanoid robots; Image edge detection; Malware; Obfuscation resilient; Scalability; Semantics |
Title | Scalable and Obfuscation-Resilient Android App Repackaging Detection Based on Behavior Birthmark |
URI | https://ieeexplore.ieee.org/document/8305970 |