| In the mobile internet era,mobile applications have entered people's lives in a wide range,which facilitate people's basic necessities of life.And Android applications occupy a large share of the mobile application market.And due to the openness of the Android platform,the Android application is easy to repackage.According to the relevant statistical analysis,repackaged Android applications have been one of the major sources of Android malware.They bring a big threat to user privacy and property safety.For repackaged applications,a multi-user oriented,new detection model and prototype system is proposed and implemented in this thesis.The client of the system is responsible for the extraction of application features.It uses the disassembly technology of DEX file,to extract the opcode sequence of instructions.This method can effectively defense many obfuscation and anti-detection techniques.And then using the means of fuzzy hash,the long opcode sequence is shortened to 32~64 characters.This can not only guarantee the order feature of the opcode sequence,but also can improve the efficiency of the subsequent detection.The client also extracts some auxiliary feature information of the application.According to the application feature information uploaded by clients,the server determines the similarity between applications and puts them into different clusters.When detecting whether an application is a repackaged one,the server first finds the cluster to which it belongs,and second compares the developer signature between the application detected and applications in the same cluster.For the determination of repackaging,the system utilizes the phenomenon of “majorities representing the official”.It is an innovative attempt of the automatic detection method,and has obtained good experimental results.In a prototype experiment consisting of 100 users,a total of 19 repackaged applications were detected.They were distributed on 23 mobile devices,which means that the mobile devices of 23 users were under latent security risks.The detection system is applied after application installation,and before using,it builds the last line of defense against repackaged applications.In this system,the computing resources of mobile devices are effectively utilized,and the computing tasks are reasonably shared by clients and the server.And many users request detection constantly,which makes data updated timely in database.Therefore,the system can detect newly-presented repackaged applications in time.Users can obtain the detection results timely,which effectively prevents the damage to their own caused by repackaged applications. |
PDF Full Text Request