CodeMatch: Obfuscation Won’t Conceal Your Repackaged App

Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira (2017)
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App.
Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering.
doi: 10.1145/3106237.3106305
Conference publication, Bibliography

Abstract

An established way to steal the income of app developers, or to trick users into installing malware, is the creation of repackaged apps. These are clones of – typically – successful apps. To conceal their nature, they are often obfuscated by their creators. But, given that it is a common best practice to obfuscate apps, a trivial identification of repackaged apps is not possible. The problem is further intensified by the prevalent usage of libraries. In many apps, the size of the overall code base is basically determined by the used libraries. Therefore, two apps, where the obfuscated code bases are very similar, do not have to be repackages of each other. To reliably detect repackaged apps, we propose a two step approach which first focuses on the identification and removal of the library code in obfuscated apps. This approach – LibDetect – relies on code representations which abstract over several parts of the underlying bytecode to be resilient against certain obfuscation techniques. Using this approach, we are able to identify on average 70% more used libraries per app than previous approaches. After the removal of an app’s library code, we then fuzzy hash the most abstract representation of the remaining app code to ensure that we can identify repackaged apps even if very advanced obfuscation techniques are used. This makes it possible to identify repackaged apps. Using our approach, we found that ≈ 15% of all apps in Android app stores are repackages.

Item type: Conference publication
Published: 2017
Author(s): Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira
Type of entry: Bibliography
Title: CodeMatch: Obfuscation Won’t Conceal Your Repackaged App
Language: English
Publication year: 8 September 2017
Place: Paderborn, Germany
Book title: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering
Event title: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering
DOI: 10.1145/3106237.3106305
URL / URN: http://dl.acm.org/citation.cfm?id=3106305
Uncontrolled keywords: Engineering; E1; library detection, repackage detection, obfuscation, code analysis
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Software Technology
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as the basis for trust in current and future IT systems
Date deposited: 05 Sep 2017 11:19
Last modified: 06 Sep 2018 10:33