Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards Obfuscation Resilient Software Plagiarism Detection

Published by侗重 嵇 Modified over 6 years ago

Similar presentations

Presentation on theme: "Towards Obfuscation Resilient Software Plagiarism Detection"— Presentation transcript:

1 Towards Obfuscation Resilient Software Plagiarism Detection
Sencun Zhu Joint work with Fangfang Zhang, Xinran Wang, Yoon-Chan Jhi, Xiaoqi Jia,Dinghao Wu,Peng Liu The Pennsylvania State University 1

2 Blossom of open source projects
SourceForge.net has over 430,000 registered open source projects as of March 2014 3.7 million developers 41.8 million users 4.8 million downloads a day Mobile apps development - a fast growing industry Over 1 million apps on Google Play and iTunes stores in the end of 2013 2

3 Software Piracy/Theft/Plagiarism
Business software alliance publishes a study report about illegal copying and unauthorized resale of applications every year, indicating 51.4 billion of huge loss in 2009 In 2012, Microsoft accused La Familia, Mexico Drug Cartel, for suspicious piracy of Office 2007 in Mexico, and this unauthorized business earns $2.2 million dollars every day In 2005, IBM had to pay $400 millions to Compuware because of code theft

4 Smartphone Application Repackaging
Repackage mobile apps to make profit App repackaging is also a favorable vehicle for malware propagation leveraging the popularity of mobile apps 5% to 13% of apps in the third-party app markets repackaged the apps from the official Android market [1] 1083 (or 86.0%) of 1260 malware samples were repackaged versions of legitimate apps with malicious payloads [2]

5 Algorithm Plagiarism Patented algorithms Detection is important when
Implemented by others Detection is important when One wants to know if the algorithm is illegally used Or prevent your own employee from violating the IP law The manifest ¯le lists the package name, version number, critical components of the app, and the associate permissions to each component. The resource folder includes all the raw resource ¯les, such as images and audio ¯les, and the XML ¯les which describe the layouts of user interfaces. The Dalvik executable contains all the classes that implement the functionality of all the primary components of an app.

6 Related Work PC Apps Smartphone Apps User Interface -- Code Logic
ViewDroid Code Logic Static source code: [31] Static opcode: [7] Whole program path: [9] PDG: [32], GPLAG [4] API: [10, 33, 8, 11] System call: [18, 17] Clone Detection: [35, 36, 37, 5, 38] Opcode: DroidMOSS [2] Juxtapp [25] AST: [34] PDG: DNADroid [24] Program Semantics VaPD [3], LoPD Algorithm-level ValPD

7 Problem Statement Design detection methods that are the following features High Accuracy Obfuscation Resilience Scalability Under the following attack models Lazy attack Amateur attack Malware smartphone apps are user behavior intensive and Android event-driven, and the interactions between users and apps are performed through user interfaces (i.e., app views). Some characters of views (e.g. the navigation between views) are unique for each independently developed app. Second, in both types of repackaging, because attackers want to leverage the popularity of a target app, they will keep the repackaged apps' look- and-feel similar to the original one in the user interface level. Speci¯cally, it is built upon a robust birthmark called view graph, which is a graph constructed from all views through static analysis and catches the navigation relation among app views. 4/10/2019

8 How do we model app’s look-and-feel?
Motivation Observation 1: Apps are user behavior intensive and Android event driven The interactions between users and apps through UI Observation 2: Attackers leverage the popularity of a target app keep the repackaged apps' look and feel similar to the original one in the user interface level (i.e., app views). Some characters of views (e.g. the navigation between views) are unique for each independently developed app How do we model app’s look-and-feel?

9 Android App Background
.apk file – download from app market Manifest file: AndroidManifest.xml Resource files: files in the res directory A compiled dalvik executable: classes.dex Activities Four components communicate through intent message Activity: screen views, organized by a stack Service: background tasks, no user interface Broadcast Receivers: listen to broadcast messages Content Provider: manage data sharing, query etc. The manifest ¯le lists the package name, version number, critical components of the app, and the associate permissions to each component. The resource folder includes all the raw resource ¯les, such as images and audio ¯les, and the XML ¯les which describe the layouts of user interfaces. The Dalvik executable contains all the classes that implement the functionality of all the primary components of an app.

10 Our Birthmark View View Graph Feature View Graph A user interface
Its corresponding activity View Graph A directed graph Nodes: Views Edges <a, b>: View navigates from a to b Statically constructed Feature View Graph

11 System Architecture

12 View Graph Construction
Generate view nodes Activity: onCreate() setContentView() / addPreferencesFromResource() Extract view node features Invocation vector: Android framework specific APIs Generate edges startActivity() / startActivityForResult() Intent objects as the parameter Extract edge features onClick(), onTouch(), OnItemSelected()

13 View Graph Example a

14 View Graph Example a

15 Graph Similarity VF2 algorithm Pre-filters:

16 Evaluation 10, 311 top Android apps from Google Play 20 categories
Totally 573; 872 app pairs are compared.

17 Results 129 false positives Attack types 112: common libraries
17: views are too simple Attack types 262 lazy attacks 187 amateur attacks 93 malware Most (112 out of 129) of the false matches are caused by the invocations of ad libraries. When two apps share the same ad libraries and one app's graph size is relatively small, the matched nodes related to the common ad libraries will result in a high similarity score. These false matches can be eliminated by whitelisting known ad libraries. The other 17 false matches are due to that one of the apps in each pair is very simple.

18 Malware Reported by virustotal.com Virus:BAT/Rbtg.gen

19 Repackaging Clustering
Keyword: Sudoku Airpush Adware, which aggressively shows ads in the Android noti¯cation bar

20 Repackaging Clustering
Keyword: Flashlight

21 Obfuscation Resilience

22 Thank you ! 22

Download ppt "Towards Obfuscation Resilient Software Plagiarism Detection"

Similar presentations

Android Application Development A Tutorial Driven Course.

Android Application Development A Tutorial Driven Course.
Google Android Introduction to Mobile Computing. Android is part of the build a better phone process Open Handset Alliance produces Android Comprises.

Google Android Introduction to Mobile Computing. Android is part of the build a better phone process Open Handset Alliance produces Android Comprises.
Application Fundamentals Android Development. Announcements Posting in D2L Tutorials.

Application Fundamentals Android Development. Announcements Posting in D2L Tutorials.
 Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications  Steve Hanna, Ling Huang, Edward Wu1, Saung Li, Charles Chen, and Dawn.

 Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications  Steve Hanna, Ling Huang, Edward Wu1, Saung Li, Charles Chen, and Dawn.
Attack of the Clones: Detecting Cloned Applications on Android Markets Jonathan Crussell 1,2, Clint Gibler 1, and Hao Chen 1Clint GiblerHao Chen 1 University.

Attack of the Clones: Detecting Cloned Applications on Android Markets Jonathan Crussell 1,2, Clint Gibler 1, and Hao Chen 1Clint GiblerHao Chen 1 University.
Application Fundamentals. See: developer.android.com/guide/developing/building/index.html.

Application Fundamentals. See: developer.android.com/guide/developing/building/index.html.
Filip Debelić What is it? Android is a mobile operating system (OS) based on the Linux kernel and currently developed by Google Android,

Filip Debelić What is it? Android is a mobile operating system (OS) based on the Linux kernel and currently developed by Google Android,
Google Android as a mobile development platform T-110.7111 Internet Technologies for Mobile Computing Olli Mäkinen.

Google Android as a mobile development platform T Internet Technologies for Mobile Computing Olli Mäkinen.
Android Programming Beomjoo Seo Sep., 12 CS5248 Fall 2012.

Android Programming Beomjoo Seo Sep., 12 CS5248 Fall 2012.
S MARTPHONE A PPLICATION D EVELOPMENT Sam Palmer.

S MARTPHONE A PPLICATION D EVELOPMENT Sam Palmer.
Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.

Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.
About me Yichuan Wang Android Basics Credit goes to Google and UMBC.

About me Yichuan Wang Android Basics Credit goes to Google and UMBC.
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang Department of Computer Science North Carolina State University CCS 2013.

Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang Department of Computer Science North Carolina State University CCS 2013.
Introduction to Android Swapnil Pathak www.SecurityXploded.com Advanced Malware Analysis Training Series.

Introduction to Android Swapnil Pathak Advanced Malware Analysis Training Series.
© Keren Kalif Intro to Android Development Written by Keren Kalif, Edited by Liron Blecher Contains slides from Google I/O presentation.

© Keren Kalif Intro to Android Development Written by Keren Kalif, Edited by Liron Blecher Contains slides from Google I/O presentation.
Detecting Software Theft via System Call Based Birthmarks Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, Peng Liu ACSAC 2009.

Detecting Software Theft via System Call Based Birthmarks Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, Peng Liu ACSAC 2009.
Chapter 2: Simplify! The Android User Interface

Chapter 2: Simplify! The Android User Interface
Rajab Davudov. Agenda Eclipse, ADT and Android SDK APK file Fundamentals – Activity – Service – Content Provider – Broadcast Receiver – Intent Hello World.

Rajab Davudov. Agenda Eclipse, ADT and Android SDK APK file Fundamentals – Activity – Service – Content Provider – Broadcast Receiver – Intent Hello World.
CS378 - Mobile Computing Intents.

CS378 - Mobile Computing Intents.
Android for Java Developers Denver Java Users Group Jan 11, 2012 -Mike

Android for Java Developers Denver Java Users Group Jan 11, Mike

Similar presentations

Ads by Google