Towards Obfuscation Resilient Software Plagiarism Detection


Towards Obfuscation Resilient Software Plagiarism Detection
Sencun Zhu
Joint work with Fangfang Zhang, Xinran Wang, Yoon-Chan Jhi, Xiaoqi Jia, Dinghao Wu, Peng Liu
The Pennsylvania State University

Blossom of open source projects
- SourceForge.net has over 430,000 registered open source projects as of March 2014
  - 3.7 million developers
  - 41.8 million users
  - 4.8 million downloads a day
- Mobile apps development - a fast growing industry
  - Over 1 million apps on Google Play and iTunes stores at the end of 2013

Software Piracy/Theft/Plagiarism
- The Business Software Alliance publishes a study report about illegal copying and unauthorized resale of applications every year, indicating a huge loss of 51.4 billion in 2009
- In 2012, Microsoft accused La Familia, a Mexican drug cartel, of suspected piracy of Office 2007 in Mexico; this unauthorized business earns $2.2 million every day
- In 2005, IBM had to pay $400 million to Compuware because of code theft

Smartphone Application Repackaging
- Repackage mobile apps to make profit
- App repackaging is also a favorable vehicle for malware propagation, leveraging the popularity of mobile apps
- 5% to 13% of apps in the third-party app markets repackaged the apps from the official Android market [1]
- 1083 (or 86.0%) of 1260 malware samples were repackaged versions of legitimate apps with malicious payloads [2]

Algorithm Plagiarism
- Patented algorithms
  - Implemented by others
- Detection is important when
  - One wants to know if the algorithm is illegally used
  - Or prevent your own employee from violating the IP law

Related Work
Columns: PC Apps | Smartphone Apps
- User Interface: -- | ViewDroid
- Code Logic (PC apps): Static source code: [31]; Static opcode: [7]; Whole program path: [9]; PDG: [32], GPLAG [4]; API: [10, 33, 8, 11]; System call: [18, 17]; Clone Detection: [35, 36, 37, 5, 38]
- Code Logic (smartphone apps): Opcode: DroidMOSS [2], Juxtapp [25]; AST: [34]; PDG: DNADroid [24]
- Program Semantics: VaPD [3], LoPD
- Algorithm-level: ValPD

Problem Statement
- Design detection methods that have the following features
  - High Accuracy
  - Obfuscation Resilience
  - Scalability
- Under the following attack models
  - Lazy attack
  - Amateur attack
  - Malware
Smartphone apps are user behavior intensive and Android event-driven, and the interactions between users and apps are performed through user interfaces (i.e., app views). Some characteristics of views (e.g. the navigation between views) are unique for each independently developed app. Second, in both types of repackaging, because attackers want to leverage the popularity of a target app, they will keep the repackaged apps' look-and-feel similar to the original one at the user interface level. Specifically, it is built upon a robust birthmark called view graph, which is a graph constructed from all views through static analysis and captures the navigation relation among app views.

Motivation
- Observation 1: Apps are user behavior intensive and Android event driven
  - The interactions between users and apps happen through the UI
- Observation 2: Attackers leverage the popularity of a target app
  - They keep the repackaged apps' look and feel similar to the original one at the user interface level (i.e., app views)
  - Some characteristics of views (e.g. the navigation between views) are unique for each independently developed app
- How do we model an app's look-and-feel?

Android App Background
- .apk file – download from app market
  - Manifest file: AndroidManifest.xml
  - Resource files: files in the res directory
  - A compiled Dalvik executable: classes.dex
- Four components communicate through intent messages
  - Activity: screen views, organized by a stack
  - Service: background tasks, no user interface
  - Broadcast Receivers: listen to broadcast messages
  - Content Provider: manage data sharing, query etc.
The manifest file lists the package name, version number, critical components of the app, and the permissions associated with each component. The resource folder includes all the raw resource files, such as images and audio files, and the XML files which describe the layouts of user interfaces. The Dalvik executable contains all the classes that implement the functionality of all the primary components of an app.

Our Birthmark: View, View Graph, Feature View Graph
- View
  - A user interface
  - Its corresponding activity
- View Graph
  - A directed graph
  - Nodes: Views
  - Edges <a, b>: View navigates from a to b
  - Statically constructed
- Feature View Graph

System Architecture

View Graph Construction
- Generate view nodes
  - Activity: onCreate()
  - setContentView() / addPreferencesFromResource()
- Extract view node features
  - Invocation vector: Android framework specific APIs
- Generate edges
  - startActivity() / startActivityForResult()
  - Intent objects as the parameter
- Extract edge features
  - onClick(), onTouch(), onItemSelected()

View Graph Example

View Graph Example

Graph Similarity
- VF2 algorithm
- Pre-filters:
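
An added illustration, not code from the presentation or from ViewDroid: it builds view graphs from call records the way the View Graph Construction slide describes, then tests whether one graph embeds in another after every activity has been renamed. The record format, the three sample apps and the backtracking matcher (used here in place of VF2, without node or edge features) are assumptions.

```python
# Added illustration: record format and app data are constructed, not from the slides.
VIEW_APIS = {"setContentView", "addPreferencesFromResource"}
NAV_APIS = {"startActivity", "startActivityForResult"}

def build_view_graph(records):
    """records: (activity, api, intent_target) tuples, as a static pass might emit.
    Nodes are activities that set a view; edges follow Intent targets."""
    nodes = {a for a, api, _ in records if api in VIEW_APIS}
    edges = {(a, t) for a, api, t in records
             if api in NAV_APIS and a in nodes and t in nodes}
    return nodes, edges

def subgraph_match(small, big):
    """Backtracking search (a plain stand-in for VF2) for an injective node
    mapping small -> big that preserves every edge of small; None if absent."""
    (s_nodes, s_edges), (b_nodes, b_edges) = small, big
    order = sorted(s_nodes)
    def extend(mapping):
        if len(mapping) == len(order):
            return dict(mapping)
        u = order[len(mapping)]
        for v in sorted(b_nodes - set(mapping.values())):
            mapping[u] = v
            if all((mapping[a], mapping[b]) in b_edges for a, b in s_edges
                   if a in mapping and b in mapping):
                found = extend(mapping)
                if found is not None:
                    return found
            del mapping[u]
        return None
    return extend({})

def app(views, navs):
    """Expand a compact description into call records (constructed data)."""
    return ([(v, "setContentView", None) for v in views] +
            [(s, "startActivity", d) for s, d in navs])

ORIGINAL = app(["Main", "Game", "Scores", "Settings"],
               [("Main", "Game"), ("Main", "Settings"),
                ("Game", "Scores"), ("Scores", "Main")])
# Same navigation with class names renamed, plus one injected ad view "x".
REPACKAGED = app(["a", "b", "c", "d", "x"],
                 [("a", "c"), ("a", "b"), ("c", "d"), ("d", "a"), ("a", "x")])
# Independently written app: four views in a straight chain, no cycle.
UNRELATED = app(["Home", "List", "Detail", "About"],
                [("Home", "List"), ("List", "Detail"), ("Detail", "About")])

def compare(a, b):
    return subgraph_match(build_view_graph(a), build_view_graph(b))
```

`compare(ORIGINAL, REPACKAGED)` pins Main, Game and Scores to a, c and d because the three-view navigation cycle occurs only once in the repackaged graph, while `compare(ORIGINAL, UNRELATED)` finds no embedding.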

Evaluation
- 10,311 top Android apps from Google Play
- 20 categories
- In total, 573,872 app pairs are compared.

Results
- 129 false positives
  - 112: common libraries
  - 17: views are too simple
- Attack types
  - 262 lazy attacks
  - 187 amateur attacks
  - 93 malware
Most (112 out of 129) of the false matches are caused by the invocations of ad libraries. When two apps share the same ad libraries and one app's graph size is relatively small, the matched nodes related to the common ad libraries will result in a high similarity score. These false matches can be eliminated by whitelisting known ad libraries. The other 17 false matches arise because one of the apps in each pair is very simple.

Malware
- Reported by virustotal.com
- Virus:BAT/Rbtg.gen

Repackaging Clustering
- Keyword: Sudoku
- Airpush Adware, which aggressively shows ads in the Android notification bar

Repackaging Clustering
- Keyword: Flashlight

Obfuscation Resilience

Thank you!