| With the widespread popularity of Android mobile devices,repackaged applications have already had a serious impact on users and developers.To protect the Android ecosystem and maintain the security of the application market,it is necessary to conduct research in the field of Android application repackaging and provide effective and feasible methods for application market detection.However,most of the detection methods and tools are only based on a single resource in the APK,and cannot specifically judge repackaged applications,and therefore cannot meet the accuracy and efficiency requirements of the Android application market,as well as different repackage methods.In response to the above problems,this article takes a variety of static resources in the APK as the research object,from the perspective of different repackaging methods,studies the Android application repacking detection method based on the combination of resources and codes and the Android application repacking detection method based on features and resources.The specific research work is as follows:(1)For the different types of static resources contained in the Android application installation package,a two-stage repackaging detection method based on resources and codes: Droid RC is proposed.In view of the fact that repackaged applications try to give users a sense of experience similar to that of the original application,they often have the characteristics of using the same resource files.From the perspective of resources,a coarsegrained detection method based on R file matching is proposed.This method can Quickly identify resource repackaged applications and code suspicious code repackaged applications;then,for suspicious code repackaged applications,a code-based fine-grained detection method is proposed,which abstracts Android application code into a functional dependency graph,And then extract features from the functional dependency graph,design a featurebased similarity measure,and screen out code repackage applications from suspicious code repackage applications through the similarity threshold.Experiments were conducted on a benchmark data set containing 15297 pairs of repackaged application programs.The experimental results show that the accuracy of the proposed method is as high as 99.85%,and the average detection time cost is 2.17 ms,which has good practicability.(2)For repackaged applications containing malicious code or behavior,a two-stage repackage detection method based on features and resources is proposed.In view of the fact that malicious applications obtain benefits from users,malicious behaviors or codes are often inserted into popular applications.Starting from malicious behaviors,a method for detecting malicious applications based on combined features is proposed,which can accurately identify malicious applications.And benign applications;then,for benign applications that may include repackaged applications,a detection method based on similar resource characteristics is proposed.This method extracts resource characteristics from the R file in the Android application installation package and designs resource characteristics-based Similarity measurement,which filters out repackaged applications from benign applications through the similarity threshold.Experiments were conducted on a benchmark data set containing 16,338 applications.The experimental results show that the accuracy of the proposed method is as high as 95.30%,and the average time cost is 1.46 ms,which has good practicability. |
PDF Full Text Request