Juxtapp and DStruct: Detection of Similarity Among Android Applications

Author: Saung Li

Abstract: In recent years, we have witnessed an incredible growth in the adoption of smartphones, which has been accompanied by influx applications. Users can purchase or download applications for free onto their mobile phones from centralized application markets such as Google’s Android Market and Amazon’s third party market. Despite rapidly increasing volume available on markets, these marketplaces often only cursorily review applications, many are unreviewed due to vast number submissions. Markets largely rely user policing reporting detect that may be misleading its functionality misbehaving. This reactive approach is neither scalable nor reliable incidence piracy malware increased, putting too much responsibility end users. To automate process identifying problematic previously proposed Juxtapp, a infrastructure code similarity analysis among Juxtapp able find instances malware, piracy, vulnerable detecting reuse Such system must fast, so this paper discuss distributed implementation Juxtapp. We evaluate Juxtapp’s performance up 95,000 parallelized analyze rapidly. aid users analysis, introduce web service automatically manages resources required run service. For complementary approach, propose DStruct, tool similar based directory structures. DStruct provides another method performing address problems security, including determining if pirated contain known malware. our using more than 58,000 official market Chinese experiments, 3 variants popular paid game 9 malicious Furthermore, market, detected 4 legitimate authors had used repackage with efficacy provide further insights into improving detection tools ours.
