Anti-obfuscation Android Application Clone Detection Based On Two-phase Screening

With the popularity of Android phones,Android application markets provide a large number of Android applications to meet users' needs.The openness of the Android system has attracted a large number of developers to develop Android applications,thereby promoting the rapid development of the Android ecosystem.However,many plagiarists decompile the original application,repackage the original application by cracking the application content and replacing the application's built-in advertising library,and then publish it to the application market to achieve profitability.These attackers use some obfuscation techniques to obfuscate the source code or static user interface files in the application to avoid detection by some popular detection methods.Aiming at this problem,we propose a two-phase anti-obfuscation detection scheme to achieve fast and accurate clone detection in large-scale applications.Its main work includes the following three aspects:(1)To improve the speed of clone detection,we propose a rapid screening phase based on the hash signature of static resource files.We construct minhash summary from the hash values of all source files,which can effectively reduce the dimension of the hash values,and then use the locality-Sensitive hashing(LSH)algorithm to obtain suspicious cloned applications with high similarity quickly.(2)To achieve the high accuracy of clone detection,an accurate detection scheme based on dynamic birthmark tree is proposed on the basis of the first stage method.For all suspicious cloned applications,by traversing each user interface(UI)dynamically,we extract the feature elements and layout structure of the Android application to construct the layout tree,and then use an efficient tree merging algorithm to merge all layout trees into birthmarks for accurate detection.(3)Based on the above methods,we implement a two-phase clone detection system.To test the obfuscation resistance of our detection system,we use the existing Android application obfuscation technology to repackage the original application for resistance analysis.We evaluate the system performance on two large-scale datasets(nearly 170,000 Android applications)and compare it with other state-of-art detection methods.Experimental results show that our detection system has good performance in the clone detection of large-scale Android applications.