Research Of Android Repackaged Application Detection Based On UI Resources

In recent years,the security of Android applications has become more and more serious.According to statistics,nearly 98% of mobile security issues are from Android platform.And the main security threat comes from application repackaging.Application repackaging not only seriously damages the legitimate income of developers,but also threatens the privacy of users.More seriously,application repackaging is becoming the main means for attackers to quickly spread the virus.According to research,86% of malicious applications originate from repackaged applications,and most of the repackaged applications appear in third-party application stores that lacks detection mechanisms.According to the study,the proportion of repackaged applications reached 5%-13% in third-party app stores.To effectively detect repackaged applications,we present an accurate detection method with both high efficiency and resistance.First,we propose a multi-stage detection method based on the similarity of UI resources,which includes two phases.In the coarse-grained phase,we compare the similarity of images and propose a max-interval dynamic selection method,which achieves 98.52%filtering rate and 98.46% recall rate.In the fine-grained phase,we use NCD to measure similarity of the layout.The NCD method achieves high accuracy and efficiency,it just costs 9.5ms per pair.While detection using TED requires 23 ms and code-based detection requires 65,000 ms.In addition,we improve the method proposed above based on perceptual hashing thus improving the resistance of image tampering.At the same time,we introduce the LSH index technology to achieve fast and effective selection,and reduce the number of comparison in the coarse-grained phase,thus improving overall detection efficiency.We demonstrate the effectiveness of the above improvements through a series of experiments.Finally,based on the above detection method,we design and implement the prototype system Mirror for repackaging detection.Through the decompilation,manual installation and the use of other security detection tools,we analyze the experimental results in detail and summarize the unique behaviors of repackaged applications.Then the unique behaviors are illustrated by repackaged application examples.