Research And Implementation Of Progressive Android Application Similarity Detection System

The development of the Android system has brought great convenience to people's lives,but it has also brought various mobile terminal security problems,such as malicious applications stealing users'private information and endangering users' personal property.In order to expand the spread of malicious applications,criminals always choose to repackage well-known applications to confuse users.So analyzing and detecting the repackaged applications is becoming more important in preventing such malicious applications.Most of the existing detection methods for repackaged applications are based on the comparison of application pairwise similarities,when the existing pairwise comparison detection methods are applied to thousands of application markets,each repackaging detection of an application must be compared with those in the entire application market,and the time consumed cannot meet the requirements,and at the same time,they can be improved in accuracy.In response to the above problems,the research content of this article is as follows:First,The existing pairwise comparison detection methods can not provide fast detection services for thousands of applications.In order to solve this problem,this thesis designs and implements a progressive Android application similarity detection scheme.The scheme includes two stages:coarse-grained and fine-grained.The coarse-grained detection stage s the application as a vector.Compared with other vector definition methods,the extraction method is more streamlined,the dimension is determined and kept at a low level.And instead of searching for similar applications,we search for similar vectors,reducing the coarse-grained Detection time;With the introduction of the approximate nearest neighbor algorithm,a list of suspected applications of the samples to be tested can be obtained through coarse-grained detection in 40,474 applications within a few seconds.Experiments show that this method guarantees good accuracy and solves the problem of "combination explosion" in the detection of large-scale application markets.The fine-grained detection stage proposed in this thesis extracts commonly used sensitive APIs as detection features.This method can resist code confusion and at the same time resist the interference caused by operations such as code reordering and insertion of invalid code used by malicious attackers to avoid detection.Experiments prove that the accuracy of this method is better than the other two existing similarity detection methods.The combination of coarse and fine-grained detection can find a repackaged sample applied in the large-scale application market within a few minutes.Second,based on the above repackaging detection method,a distributed Android application similarity detection system is designed and implemented.This system supports rapid detection of repackaged applications and multi-dimensional application correlation analysis(package name,Logo,certificate).Constructing a distributed system structure through functional decomposition and module decoupling can not only ensure detection efficiency,but also maintain stability.