| Application cloning is becoming a serious threat to the entire Android ecosystem,as it provides help for the distribution of nearly 86%of Android malware.Application cloning is not only compromises the security and privacy of the app users but also robs app developers'revenues.Recently,more and more plagiarists try to fight back through packing their malicious code with the help of commercial packers to evade current detection systems.And to ad-dress this issue,we propose a novel two-phase cloned app detection system that is resilient to the packed app.By using two different grained features,our approach can achieve accu-racy and scalability simultaneously.Specifically,we propose a function-based coarse-grained fast selection method.We leverage the nature language processing techniques and the improved balanced binary tree-based searching scheme in fast selection phase to select all the potential cloned apps quickly.To improve the final accuracy of detection,we propose an UI-based fine-grained de-tection method.Specially,we design a counting-based filtering schema called Blacklist,which can determine the noisy-layout files without any prior knowledge.our evaluation results shows that the false negative rate of our approach is no more than 1.5%and the false positive rate is only 0.06%.In addition,we propose a novel UI-based birthmark,called Schema layout,which is resilient to current commercial packing techniques.Based on above methods,we implement a prototype system FUIDroid and evaluate it on two sets of app.The result from experiment on 320 packed samples demonstrates that FUIDroid is resilient to packed apps.The evaluation on real-world large-scale app dataset shows that FUIDroid can detect the clone versions of any target app from 150,000 apps very quickly. |
PDF Full Text Request