Repadiography: towards a visual support for triaging repackaged apps

App repackaging is a method for conveying malicious or disturbing code: an existing app is decompiled, third-party code is added, and the resulting app is recompiled and distributed on marketplaces. Recent studies claim that repackaged apps populate both third-party and official marketplaces. Solutions for detecting repackaging have been proposed in the literature, but little effort has been devoted to supporting triage activities. Triage is a preliminary automatic analysis aimed at minimizing the time an analyst spends examining potentially harmful applications. Given the high volume of apps published on the marketplaces and the speed at which apps are produced and spread, analysts need effective means of accelerating the triage phase. For this reason, we propose a solution for visually comparing a legitimate app with a repackaged one, allowing the analyst to immediately locate and quantify the impact of repackaging on the original app's code.
