DroidEagle: Seamless Detection of Visually Similar Android Apps

Mingshen Sun, Mengmeng Li, John C.S. Lui
Published in: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2015-06-22
DOI: 10.1145/2766498.2766508 (https://doi.org/10.1145/2766498.2766508)
Citations: 69

Abstract

Repackaged malware and phishing malware constitute 86% [35] of all Android malware, and they significantly affect the Android ecosystem. Previous work uses disassembled Dalvik bytecode and hashing approaches to detect repackaged malware, but these approaches are vulnerable to obfuscation attacks and demand large computational resources on mobile devices. In this work, we propose a novel methodology which uses the layout resources within an app to detect apps which are "visually similar", a common characteristic of repackaged apps and phishing malware. To detect visually similar apps, we design and implement DroidEagle, which consists of two sub-systems: RepoEagle and HostEagle. RepoEagle performs large-scale detection on app repositories (e.g., app markets), and HostEagle is a lightweight mobile app which helps users quickly detect visually similar Android apps upon download. We demonstrate the high accuracy and efficiency of DroidEagle: within 3 hours, RepoEagle can detect 1298 visually similar apps from 99 626 apps in a repository. In less than one second, HostEagle can help an Android user determine whether a downloaded mobile app is a repackaged app or phishing malware. This is the first work which provides both speed and scalability in discovering repackaged apps and phishing malware in the Android system.