Abstract
Repackaged Android applications (or simply apps) are one of the major sources of mobile malware and also an important cause of severe revenue loss to app developers. Although a number of solutions have been proposed to detect repackaged apps, the majority of them heavily rely on code analysis, thus suffering from two limitations: (1) poor scalability due to the billion opcode problem; (2) unreliability to code obfuscation/app hardening techniques. In this paper, we explore an alternative approach that exploits core resources, which have close relationships with codes, to detect repackaged apps. More precisely, we define new features for characterizing apps, investigate two kinds of algorithms for searching similar apps, and propose a two-stage methodology to speed up the detection. We realize our approach in a system named ResDroid and conduct large scale evaluation on it. The results show that ResDroid can identify repackaged apps efficiently and effectively even if they are protected by obfuscation or hardening systems.
Original language | English |
---|---|
Title of host publication | ACM International Conference Proceeding Series |
Publisher | Association for Computing Machinery |
Pages | 56-65 |
Number of pages | 10 |
DOIs | |
Publication status | Published - 8 Dec 2014 |
Event | 30th Annual Computer Security Applications Conference, ACSAC 2014 - New Orleans, United States Duration: 8 Dec 2014 → 12 Dec 2014 |
Conference
Conference | 30th Annual Computer Security Applications Conference, ACSAC 2014 |
---|---|
Country/Territory | United States |
City | New Orleans |
Period | 8/12/14 → 12/12/14 |
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications