TY - GEN
T1 - ViewDroid
T2 - 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2014
AU - Zhang, Fangfang
AU - Huang, Heqing
AU - Zhu, Sencun
AU - Wu, Dinghao
AU - Liu, Peng
PY - 2014
Y1 - 2014
N2 - In recent years, as mobile smart device sales grow quickly, the development of mobile applications (apps) keeps accelerating, so does mobile app repackaging. Attackers can easily repackage an app under their own names or embed advertisements to earn pecuniary profits. They can also modify a popular app by inserting malicious payloads into the original app and leverage its popularity to accelerate malware propagation. In this paper, we propose ViewDroid, a user interface based approach to mobile app repackaging detection. Android apps are user interaction intensive and event dominated, and the interactions between users and apps are performed through user interface, or views. This observation inspires the design of our new birthmark for Android apps, namely, feature view graph, which captures users' navigation behavior across app views. Our experimental results demonstrate that this birthmark can characterize Android apps from a higher level abstraction, making it resilient to code obfuscation. ViewDroid can detect repackaged apps at a large scale, both effectively and efficiently. Our experiments also show that the false positive and false negative rates of ViewDroid are both very low.
AB - In recent years, as mobile smart device sales grow quickly, the development of mobile applications (apps) keeps accelerating, so does mobile app repackaging. Attackers can easily repackage an app under their own names or embed advertisements to earn pecuniary profits. They can also modify a popular app by inserting malicious payloads into the original app and leverage its popularity to accelerate malware propagation. In this paper, we propose ViewDroid, a user interface based approach to mobile app repackaging detection. Android apps are user interaction intensive and event dominated, and the interactions between users and apps are performed through user interface, or views. This observation inspires the design of our new birthmark for Android apps, namely, feature view graph, which captures users' navigation behavior across app views. Our experimental results demonstrate that this birthmark can characterize Android apps from a higher level abstraction, making it resilient to code obfuscation. ViewDroid can detect repackaged apps at a large scale, both effectively and efficiently. Our experiments also show that the false positive and false negative rates of ViewDroid are both very low.
UR - http://www.scopus.com/inward/record.url?scp=84907403322&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84907403322&partnerID=8YFLogxK
U2 - 10.1145/2627393.2627395
DO - 10.1145/2627393.2627395
M3 - Conference contribution
AN - SCOPUS:84907403322
SN - 9781450329729
T3 - WiSec 2014 - Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks
SP - 25
EP - 36
BT - WiSec 2014 - Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery
Y2 - 23 July 2014 through 25 July 2014
ER -