| Fraudulent behavior is a new type of crime with the rise of Internet,it not only leads to privacy leaks,property loss and personal interests damage,but also deepens the crisis sense of social trust.The frauds have attracted many researches since the traditional internet era.However,with the formation and improvement of mobile app ecosystem,mobile Internet technologies have been widely used by the traditional fraudulent behaviors,leading to many new types of frauds.These updated frauds not only make great damage to the mobile app ecosystem,but also bring severe challenges to the mobile app markets and regulators.Therefore,the analysis of new types of fraudulent behaviors for mobile APP ecosystem has increasingly attract many researchers' attention in both academia and industry.Fraudulent behaviors exist in the whole life cycle of mobile applications,and the data generated in each stage are used by fraudsters to implement the frauds by manufacturing or publishing fake information.During the stage of APP developing,APP developers manufacture mobile apps by coding or directly integrating services which are provided by third-party service providers,thus will generate APP raw-data(e.g.,code,resource files,app content),and the typical fraudulent behaviors in this stage include APP clone fraud,online fraud and advertisement fraud.During the stage of APP publishing,APP publishing channels will help the developers to spread their APPs and help the users to download and install target APPs,thus will generate APP meta-data(e.g.,APP name,package name,APP category,APP description),and the typical fraudulent behaviors in this stage include APP identifier fraud,fake description fraud and privilege escalation.During the stage of APP promoting,the developers can buy promotion services that are provided by third-party service providers(such as mobile advertising service provider)to attract more users,thus will generate APP popularity-data(e.g.,APP rank,APP downloads,APP comments),and the typical fraudulent behavior in this stage includes ranking fraud.In past ten years researchers had analyzed some types of fraudulent behaviors in mobile APP ecosystem,and proposed some state-of-the-art approaches and tools.However,as the mobile Internet has entered the development stage of promoting traditional industries into large-scale vertical new industries in recent years,various new types of fraudulent behaviors emerge extensively,and there still remain some challenges:(1)experienced malicious developers improve and update confrontation technology,to circumvent existing fraud detection methods;(2)new APP fields and modes bring new security issues and privacy risks,and will derive new types of fraudulent behaviors,which cannot be efficiently detected by the existing approaches and tools;(3)the underground industry chain of frauds has developed rapidly,it combines various technologies of frauds to obtain more illegal profits,and cannot be detected and prevented by simply one kind of detection method.To address these limitations,we conduct several research efforts on new types of fraudulent behaviors appearing in the three types of APP data for mobile APP ecosystem.Specifically,the research contributions of our work can be summarized as follows:First,aiming at a new type of app clone fraud which leverages fake APP raw-data in the stage of APP developing,we propose an approach to identify fake APPs based on the similarity of UI structure.To be specific,we first analyze the differences of the new type of fake APPs with the traditional fake APPs in the way of plagiarism,we find that the UI structure features are relative stable than other features(e.g.,code,UI content).Then,based on existing dynamic testing techniques,we extract the UI structure features from three dimensions,including overall hierarchy structure,text structure and widget structure,and detect fake APPs by comparing the similarity of UI structure features.Furthermore,we evaluate the effectiveness and efficiency of our approach,and the results show that our approach could achieve an accuracy of 99.5%,which is more effective than other detection tools.Finally,we implement the prototype system and apply it to a large-scale dataset,we detect some fake APP pairs,including tradition fake APPs and the new type of fake APPs,83%of these fake APPs are malware.Our study suggests that app clone fraud is still one of the main threats in mobile APP ecosystem,and we believe that our implemented prototype system can effectively detect and defend various types of fake APPs on the APP market level.In addition,APP markets and regulators should update fake APP detection techniques in time,to help maintain the safety of mobile APP ecosystem.Second,aiming at a new type of online dating fraud(fraudulent dating APPs,FD APPs)which leverages fake APP raw-data,we propose a heuristic-based approach to identify FD APPs and explore the underground industry chain.Specifically,we first analyze this new type of online dating fraud and summarize the characteristics of FD APPs.Based on the summarized characteristics,we extract several heuristic rules and implement a semi-automatic approach to identify FD APPs.Then,we make some in-depth analysis of the correlation between identified FD APPs,including user profile analysis,developer signature analysis,comment analysis and so on.Our observation results reveal that most of the user accounts in FD APPs are not managed by real persons,but by the chatbots based on the predefined conversation templates.Furthermore,we propose the business model of FD APPs and reveal that multiple parties are actually involved in the ecosystem,including producers who develop APPs,publishers who publish APPs to gain profit,and the distribution network that is responsible for distributing the APPs to end users.Finally,we analyze the impact of these APPs on the users(i.e.,victims),and estimate the overall revenue based on several reports that disclose the revenue model of FD APPs.Our results show that these FD APPs could earn from 200 million US dollars to 2 billion US dollars each year.Our work shows that a complete industrial chain of FD APPs has been formed,which will cause great damage to mobile APP ecosystem and the loss of property to users,thus should get more attention.APP markets and regulators can implement the corresponding detection technologies based on our findings.Third,aiming at a new type of APP identifier fraud which leverages fake APP meta-data(e.g.,APP name,package name,developer name),we summarize 11 generation models of fake APP identifiers and propose an approach to identify this new type of fake APPs,and make further analysis on the characteristics and the influence of the fake APPs.To be specific,we first perform a motivational study and summarize the limitations of existing tools in detecting this type of fake APPs.Then,we propose 11 kinds of models to generate fake identifiers,and the evaluation results demonstrate that our models are more effective(the number of fake APPs detected by our models are 10 times than that detected by traditional domain squatting detection tool "URLCrazy").Furthermore,we propose an approach to identify these fake APPs by using white list filtering,by applying our approach to large-scale dataset we harvest 10553 fake APPs(an average of over 20 fake APPs for each target APP).The follow-up investigation results reveal that more than 51%of identified fake APPs are malware.Finally,we estimate the impact of these fake APPs by a post analysis study.Our experiment results reveal that this type of fake APPs does have a meaningful impact on the original APPs,which might lose potential users(some fake APPs have more than 10 million downloads),and suffer a negative impact on the brand images.Our work suggests that this type of fake APPs have been widely spread in mobile APP ecosystem,and they contain more malicious behaviors than the traditional fake APPs,thus will make greater damage to the ecosystem.It is necessary for APP markets and regulators to pay more attention on APP identifiers.Fourth,aiming at a new type of ranking fraud(money-making APPs)which leverages fake APP popularity-data,we propose an approach to identify money-making APPs and make further analysis on the characteristics and other security issues of money-making APPs.Specifically,we first analyze this new type of ranking fraud and summarize the characteristics of money-making APPs.Based on the summarized characteristics,we extract several heuristic rules and implement a semi-automatic approach to identify money-making APPs.We categorize them according to the monetization-related functionalities provided to mobile users,including content sharing,pay-per-install,shopping and cash back,cryptocurrency mining and crowd-sourcing.Then,we analyze positive comments and negative comments respectively.We find that most of the positive comments in these money-making APPs are fake comments,and many users complain about security issues in the negative comments.Furthermore,we perform a general permission analysis and security analysis on the money-making APPs.We find that most of these money-making APPs have security problems and privacy risks(26%of these APPs are malware).Finally,we study the contents disseminated by these APPs.We find that there are many malwares spreading on these money-making APPs,and we also identify some other security issues.Our study suggests that although money-making APPs provide convenience for mobile users to make money online,they aggravate the ranking fraud activities and will introduce new security issues to the users.APP markets should pay special attention to money-making APPs and should propose the regulations to define the boundary of money-making APPs so as to keep illegitimate money-making APPs from entering the markets in the first place. |
PDF Full Text Request