计算机科学

计算机科学 ›› 2023, Vol. 50 ›› Issue (6A): 220300114-7.doi: 10.11896/jsjkx.220300114

• 软件&交叉 • 上一篇    下一篇

基于界面相似度的Android仿冒应用检测研究

付雄, 聂晓晗, 王俊昌   

  1. 南京邮电大学计算机学院 南京 210023
  • 出版日期:2023-06-10 发布日期:2023-06-12
  • 通讯作者: 付雄(fux@njupt.edu.cn)
  • 基金资助:
    国家自然科学基金(51977113);江苏省重点研发计划(社会发展)项目(BE2017743)

Study on Android Fake Application Detection Method Based on Interface Similarity

FU Xiong, NIE Xiaohan, WANG Junchang   

  1. School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China
  • Online:2023-06-10 Published:2023-06-12
  • About author:FU Xiong,born in 1979,Ph.D,professor.His main research interests include cloud computing and distributed computing.
  • Supported by:
    National Natural Science Foundation of China(51977113) and Primary Research & Development Plan(Social Development) of Jiangsu Province(BE2017743).

PDF (PC)

687

摘要: 随着Android系统的发展,仿冒应用在Android平台出现并逐渐活跃。混淆等技术的普及使得仿冒应用难以被传统的检测方法检测。为了有效抵抗加固技术,提出了一种基于界面相似度的Android仿冒应用检测方法InfSimiDetec。首先通过自动化测试工具提取运行界面的布局信息,接着基于布局信息获取界面结构特征,然后筛选出结构特征相似的界面进行界面相似度计算,最后基于相似界面的比率进行应用相似度计算。使用含有多种类型仿冒应用程序的数据集进行实验并将所提方法与传统的检测方法进行比较,结果表明该方法的准确率为94.11%,召回率为96.12%,与传统检测方法相比表现出更优越的性能。

关键词: Android, 界面布局, 仿冒检测, 自动化遍历, 特征提取

Abstract: With the development of the Android,fake applications appear and become active on the Android platform.The popularity of obfuscation and other technologies makes it difficult for fake applications to be detected by traditional detection methods.In order to effectively resist the reinforcement technology,an Android fake application detection method(InfSimiDetec) based on interface similarity is proposed.Firstly,the layout information of the running interface is extracted by the automatic test tool.Next,the interface structural features are extracted based on the layout information.Then the interfaces with similar structural features are selected for interface similarity calculation.Finally,the application similarity calculation is carried out based on the ratio of similar interfaces.Experiments are carried out using a dataset containing multiple types of fake applications and compared with traditional detection methods.The results show that the precision rate of this method is 94.11% and the recall rate is 96.12%.Compared with traditional detection methods,this method shows better performance.

Key words: Android, Interface layout, Detection of fake application, Automation traversal of application, Feature extraction

中图分类号: 

  • TP393
[1]LI J L,WANG Y Z,LUO L G,et al.A Survey of Adversarial Attack Techniques for Android Malware Detection[J].Journal of Cyber Security,2021,6(4):28-43.
[2]WANG S Y,ZHANG Y S,CENG J R,et al.Overviewof Android Malware Detection Methods[J].Computer Applications and Software,2021,38(9):1-9.
[3]UTKARSH S,KULDEEP K,DEEPAKUMAR G.A Study ofCode Clone Detection Techniques in Software Systems[C]//Proceedings of the International Conference on Paradigms of Computing,Communication and Data Sciences.Springer,2021:347-359.
[4]HAMID A B,STAN J.A Data Mining Approach for Detecting Higher-Level Clones in Software[J].IEEE Transactions on Software Engineering,2009,35(4):497-514.
[5]CRUSSEL J,GIBLER C,HAO C.Attack of the Clones:Detecting Cloned Applications on Android Markets[C]//European Symposium on Research in Computer Secu-rity.Computer Security-ESORICS,2012:37-54.
[6]NIU H,YANG T,NIU S.Clone Analysis and Detection in Android Applications[C]//International Conference on Systems and Informatics(ICSAI).IEEE,2016:520-525.
[7]ZHOU W,ZHOU Y J,JIANG X X,et al.Detecting Repackaged Smartphone Applications in Third-party Android Marketplaces[C]//ACM Conference on Data and Application Security and Privacy.ACM,2012:317-326.
[8]MALISA L,KOSTIAINEN K,CAPKUN S.Detecting MobileApplication Spoofing Attacks by Leveraging User Visual Similarity Perception[C]//ACM Conference on Data and Application Secu-rity and Privacy.ACM,2017:289-300.
[9]SUN M,LI M,LUI J C S.DroidEagle:Seamless Detection of Visually Similar Android Apps[C]//ACM Conference on Secu-rity and Privacy in Wireless and Mobile Networks.ACM,2015:1-12.
[10]ZHAUNIAROVICH Y,LEZZA A L,GADYATSKAYA O.Evaluation of Resource-Based App Repackaging Detection in Android[C]//Nordic Conference on Secure IT Systems.2016:135-151.
[11]ZHU J,WU Z,ZHI G,et al.Appearance Similarity Evaluation for Android Applications[C]//International Conference on Advanced Computational Intelligence.IEEE,2015:323-328.
[12]LIU B,NATH S,GOVINDAN R,et al.DECAF:Detecting and Characterizing Ad Fraud in Mobile Apps[C]//USENIX Confe-rence on Networked Systems Design and Implementation(NSDI’14).USENIX Association,2014:57-70.
[13]KAICHEN.A List of Shared Libraries and AdLibraries Used in Android Apps[EB/OL].(2014-02-20)[2022-03-03].http://sites.psu.edu/kaichen/2014/02/20/a-list-of-shared-libraries-and-adlibraries-used-in-android-apps/.
[14]LUXEMBOURG UNIVERSITY.AndroZoo[EB/OL].(2019-03-21)[2022-03-03].https://androzoo.uni.lu/repackaging.
[15]ARP D,SPREITZENBARTH M,HUBNER M,et al.DREBIN:Effective and Explainable Detection of Android Malware in Your Pocket[C]//Network and Distributed System Security Sympo-sium.2014:23-38.
[16]LI L,BISSYANDE T F,KLEIN J.SimiDroid:Identifying and Explaining Similarities in Android Apps[C]//IEEE Trustcom/BigDataSE/ICESS.IEEE,2017:136-143.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发