摘要
近年来,智能手机普及的同时也诞生了各种各样的应用.除了官方市场,许多三方市场也提供应用下载.对三方市场进行研究后发现:许多三方市场应用是将官方市场合法应用二次打包后投放到三方市场上的.此现象给用户和市场提供者都带来一定的安全隐患.如何检测这种二次打包应用成了急需解决的问题.本文提出基于流量相似度的Android二次打包应用的检测技术.它捕获应用的流量并对其进行解析、分类,以得到应用特征——功能流图与广告流图.最后计算特征的相似度来判定二次打包应用.实验结果显示三方市场上4.06%到10.18%的应用是二次打包的,并发现插入新广告或替换已存在的广告来赚取广告收入是二次打包的通用手段.此外,二次打包应用还会消耗更多的流量.
Recent years have witnessed incredible adoption of smartphones, which is accompanied by large amount and wide variety of feature-rich smartphone applications. Besides the official market, some third-party markets have also been created to host apps. In this paper, we perform a systematic study on third-party markets. Among them, we find a common practice of repackaging legitimate apps from the official market and distributing repackaged ones via third-party markets, which brings certain security problems to the user and market provider. How to detect the repackaged applications becomes an urgent problem. This paper presents a technology to detect Android repackaged applications based on network traffic's similarity. It analyses and classifies an app's network traffic, so as to obtain its features--function flow graph and advertisement flow graph. And then it calculates apps' similarity between the third-party market and official market. The experiments show a worrisome fact that 4.06% to 10. 18% of apps hosted on these studied marketplaces are repackaged. Future manual investigation indicates that these repackaged apps are mainly used to embed a new advertisement or replace existing in-app to earn ad revenues, or even implant malicious payloads.
出处
《小型微型计算机系统》
CSCD
北大核心
2015年第5期954-958,共5页
Journal of Chinese Computer Systems
基金
国家重点基础研究发展计划项目(2012CB315805)资助
国家自然科学基金项目(61173167)资助
