Design And Implementation Of Automation-based Detection Of Malicious Offerwall Android Apps

The mobile Internet has developed rapidly in recent years,and a large number of mobile applications have brought convenience to people.However,some developers exploit certain ways to trap users into interacting with the advertisements in the application for illegal funding,which cause a lot of advertising fraud events.In this paper,we focus on malicious Offer Wall applications,which refer to the applications which use OfferWall advertisement for malicious advertising fraud.OfferWall advertisement is a new type of advertisements in recent years,which provides users with a series of tasks such as applications downloading to complete for virtual currency.This kind of advertisement is integrated in most of the mainstream mobile advertising platforms.OfferWall advertisement has certain transaction attributes.Compared with the traditional mobile advertisement types,the frequency of malicious advertisement fraud is higher,which causes a great loss to the user's interests.OfferWall advertisement is a special type,and its malicious behavior is different from the traditional one.Currently,the research on Android mobile advertising fraud is relatively traditional and mainly focuses on click fraud,static placement fraud and dynamic interactive fraud,which mean static analysis.However,traditional static analysis methods,such as extraction of APIs and rules matching,can't effectively detect advertising fraud in OfferWall applications.Based on the existing research,we design and implement an effective malicious OfferWall advertising application detection system.The main achievements of this paper are as follows:(1)According to the characteristics of Offer Wall application,we study the Android automatic testing technology based on directed state transition diagram,including OfferWall priority traversal algorithm and heuristic event sending strategy.The technology constructs the state transition diagram of the application while running the application,traverses the state of the application,and improves the probability of finding the OfferWall advertisement by the OfferWall priority traversal algorithm.It effectively improves the performance of the automatic testing of advertising applications with OfferWall,and enables the automatic testing to run a large number of advertising applications with OfferWalls quickly and steadily.(2)The traditional method of mobile application advertisement recognition is based on position feature and string matching technology,and it has the problem of low accuracy.To solve the problem,we extract control structure and network flow from the OfferWall advertisement interface,form structured features,and use LightGBM to recognize mobile advertisements in a machine learning way.The method has the advantage of anti-confusion,and can detect new unknown OfferWall advertisements.(3)Malicious fraud in OfferWall advertisement is consists of compulsory interactive fraud and point reward fraud.We use heuristic malicious behavior detection method to detect the above two types of fraud.To accurately detect point reward fraud,we propose the method of inference and trigger path traceback to identify OfferWall advertisement in real time and complete the download task of advertisement in the process of automatic test.(4)In this paper,we implement a semi-automatic Android malicious OfferWall detection system,which consists of four modules.Experiments show that the system has reached a practical level in detection performance and resource consumption.Compared with the traditional methods and existing research,it has a significant improvement,and can meet the demand of OfferWall applications detection.