Detection of Repackaged Android Malware with Code-Heterogeneity Features

Tian, Ke; Yao, Danfeng; Ryder, Barbara G.; Tan, Gang; Peng, Guojun

doi:10.1109/tdsc.2017.2745575

Cited by 62 publications

(36 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Finally, we investigate how the accuracy of repackaged [19] (10000,100000) DR-Droid2 [20] (1000,10000) DAPASA [21] (10000,100000) FUIDroid [22] (10000,100000) APPraiser [23] (1000000, ∞) RepDroid [24] (100,1000) SimiDroid [25] (1000,10000) GroupDroid [26] (1000,10000) CLANdroid [27] (10000,100000) DR-Droid [28] (1000,10000) DroidClone [29] (100,1000) FSquaDRA2 [30] (1000,10000) Li et al [31] α (1000000, ∞) Niu et al [32] -RepDetector [33] (1000,10000) SUIDroid [34] (100000,1000000) Kim et al [35] (100,1000) AndroidSOO [36] (10000,100000) AndroSimilar2 [37] (10000,100000) Chen et al [38] (1000,10000) DroidEagle [39] (1000000, ∞) ImageStruct [40] (10000,100000) MassVet [41] (1000000, ∞) PICARD [42] (0,100) Soh et al [43] (100,1000) Wu et al [44] (1000,10000) WuKong [45] (100000,1000000) AnDarwin2 [46] (100000,1000000) AndRadar [47] (100000,1000000) Chen et al [48] (10000,100000) DIVILAR [49] (0,100) DroidKin [50] (1000,10000) DroidLegacy [51] (1000,10000) DroidMarking [9] (100,1000) DroidSim [52] (100,1000) FSquaDRA [53] (10000,100000) Kywe et al [54] (10000,100000) Linares-Vásquez et al [55] α (10000,100000) PlayDrone [56] α (1000000, ∞) ResDroid [57] (1000...…”

Section: Review Of Evaluation Setups and Artefactsmentioning

confidence: 99%

Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark

Bissyandé

Klein

2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Repackaging is a serious threat to the Android ecosystem as it deprives app developers of their benefits, contributes to spreading malware on users' devices, and increases the workload of market maintainers. In the space of six years, the research around this specific issue has produced 57 approaches which do not readily scale to millions of apps or are only evaluated on private datasets without, in general, tool support available to the community. Through a systematic literature review of the subject, we argue that the research is slowing down, where many state-of-the-art approaches have reported high-performance rates on closed datasets, which are unfortunately difficult to replicate and to compare against. In this work, we propose to reboot the research in repackaged app detection by providing a literature review that summarises the challenges and current solutions for detecting repackaged apps and by providing a large dataset that supports replications of existing solutions and implications of new research directions. We hope that these contributions will re-activate the direction of detecting repackaged apps and spark innovative approaches going beyond the current state-of-the-art.

show abstract

Section: Review Of Evaluation Setups and Artefactsmentioning

confidence: 99%

Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark

Bissyandé

Klein

2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…With these results, the embedded platform is protected not only at the bootloader level, but even in the Android application level. As the authentication process with ALPU chip is only performed once, when the application is executed, there is less overhead compared to the existing software security techniques in [17][18][19][20][21][22]. Implementation is also relatively easier when developing a new application because only one line of authentication function is added to the original application.…”

Section: Articulacy Of the Administrative Policiesmentioning

confidence: 99%

“…However, RKP is highly dependent on the ARM TrustZone, along with its flaws, and the system is still vulnerable to ecosystem attacks [18]. Several researchers have addressed this issue, focusing on the different forms of ecosystem attacks, namely privilege escalation [19], advertisements [20], and application repackaging [21,22]. Although most of these studies increase the security of Android, they require changes to the native code and could exhibit additional performance overheads to the end users.…”

Section: Introductionmentioning

confidence: 99%

Safe and Policy Oriented Secure Android-Based Industrial Embedded Control System

Delgado

Park

Lee³

et al. 2020

Applied Sciences

View full text Add to dashboard Cite

Android is gaining popularity as the operating system of embedded systems and recent demands of its application on industrial control are steadily increasing. However, its feasibility is still in question due to two major drawbacks: safety and security. In particular, ensuring the safe operation of industrial control systems requires the system to be governed by stringent temporal constraints and should satisfy real-time requirements. In this sense, we explore the real-time characteristics of Xenomai to guarantee strict temporal deadlines, and provide a viable method integrating Android processes to real-time tasks. Security is another issue that affects safety due to the increased connectivity in industrial systems provoking a higher risk of cyber and hardware attacks. Herein, we adopted a hardware copy protection chip and enforced administrative security policies in the booting process and the Android application layer. These policies ensure that the developed system is protected from physical tampering and unwanted Android applications. The articulacy of the administrative policies is demonstrated through experiments. The developed embedded system is connected to an industrial EtherCAT motion device network exhibiting operability on an actual industrial application. Real-time performance was evaluated in terms of schedulability and responsiveness, which are critical in determining the safety and reliability of the control system.

show abstract

“…Building high-quality behavior profiles of apps could help in determining the semantic similarity among the apps, which is pivotal to addressing these issues. Recent research [23,24,29,[32][33][34][35][36][37][38] reveals that compared to primitive representations of programs (e.g., counts of system-calls, Application Programming Interfaces (APIs) used etc.) graph representations (e.g., Control Flow Graphs (CFGs), call graphs, etc.)…”

Section: Introductionmentioning

confidence: 99%

Apk2vec: Semi-Supervised Multi-view Representation Learning for Profiling Android Applications

Narayanan

Soh

Chen

et al. 2018

2018 IEEE International Conference on Data Mining (ICDM)

View full text Add to dashboard Cite

Building behavior profiles of Android applications (apps) with holistic, rich and multi-view information (e.g., incorporating several semantic views of an app such as API sequences, system calls, etc.) would help catering downstream analytics tasks such as app categorization, recommendation and malware analysis significantly better. Towards this goal, we design a semi-supervised Representation Learning (RL) framework named apk2vec to automatically generate a compact representation (aka profile/embedding) for a given app. More specifically, apk2vec has the three following unique characteristics which make it an excellent choice for largescale app profiling: (1) it encompasses information from multiple semantic views such as API sequences, permissions, etc., (2) being a semi-supervised embedding technique, it can make use of labels associated with apps (e.g., malware family or app category labels) to build high quality app profiles, and (3) it combines RL and feature hashing which allows it to efficiently build profiles of apps that stream over time (i.e., online learning).The resulting semi-supervised multi-view hash embeddings of apps could then be used for a wide variety of downstream tasks such as the ones mentioned above. Our extensive evaluations with more than 42,000 apps demonstrate that apk2vec's app profiles could significantly outperform state-of-the-art techniques in four app analytics tasks namely, malware detection, familial clustering, app clone detection and app recommendation.

show abstract

Detection of Repackaged Android Malware with Code-Heterogeneity Features

Cited by 62 publications

References 42 publications

Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark

Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark

Safe and Policy Oriented Secure Android-Based Industrial Embedded Control System

Apk2vec: Semi-Supervised Multi-view Representation Learning for Profiling Android Applications

Contact Info

Product

Resources

About