WuKong: a scalable and accurate two-phase approach to Android app clone detection

Wang, Haoyu; Guo, Yao; Ma, Zhimin; Chen, Xiangqun

doi:10.1145/2771783.2771795

Cited by 175 publications

(118 citation statements)

References 49 publications

Supporting

Mentioning

115

Contrasting

Order By: Relevance

“…We consider that the false positive rate of FUIDroid is actually determined by the performance of UI-based detection system. After analyzing many previous works [4,[8][9][10], we find out that the false positive occurs mainly under one case. When different apps include the same third-party libraries, the similarity between them may anomalously increase.…”

Section: False Positivementioning

confidence: 99%

“…This hybrid approach depends upon three parameters-Description Mapping, Interface Analysis, and Source Code Analysis-to identify a unique application. Wukong [4] proposes a two-phase approach to detect app clones and uses an accurate and automated clustering-based approach to filter third-party libraries.…”

Section: Related Workmentioning

confidence: 99%

“…These approaches can be divided into two categories: codebased techniques [3][4][5][6][7][8] and UI-based techniques [9][10][11][12][13][14][15][16][17]. Code-based methods focus on detecting the code reuse in repackaged apps, while UI-based methods analyze the similarity of app's user interface.…”

Section: Introductionmentioning

confidence: 99%

“…Second, the features about app's functionality and user interface are stored separately from the source code, which means they are free from current app packing techniques [19]. Lastly, inspired by WuKong [4], multilevel based detection strategy is able to keep great advantage in large-scale scenario.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An Efficient and Packing-Resilient Two-Phase Android Cloned Application Detection Approach

Lyu¹,

Lin²,

Yang³

2017

Mobile Information Systems

View full text Add to dashboard Cite

The huge benefit of mobile application industry has attracted a large number of developers and attendant attackers. Application repackaging provides help for the distribution of most Android malware. It is a serious threat to the entire Android ecosystem, as it not only compromises the security and privacy of the app users but also plunders app developers' income. Although massive approaches have been proposed to address this issue, plagiarists try to fight back through packing their malicious code with the help of commercial packers. Previous works either do not consider the packing issue or rely on time-consuming computations, which are not scalable for large-scale real-world scenario. In this paper, we propose FUIDroid, a novel two-phase app clones detection system that can detect the packed cloned app. FUIDroid includes a function-based fast selection phase to quickly select suspicious apps by analyzing apps' description and a further UI-based accurate detection phase to refine the detection result. We evaluate our system on two sets of apps. The result from experiment on 320 packed samples demonstrates that FUIDroid is resilient to packed apps. The evaluation on more than 150,000 real-world apps shows the efficiency of FUIDroid in large-scale scenario.

show abstract

Section: False Positivementioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Efficient and Packing-Resilient Two-Phase Android Cloned Application Detection Approach

Lyu¹,

Lin²,

Yang³

2017

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…Most of repackaged app detection works [3], [6] indeed do not come with reusable tools for the research community. To the best of our knowledge, Androguard [7] and FSquaDRA [8] are the main publicly available tools for app similarity analysis.…”

Section: Introductionmentioning

confidence: 99%

SimiDroid: Identifying and Explaining Similarities in Android Apps

Bissyandé

Klein

2017

2017 IEEE Trustcom/BigDataSE/Icess

View full text Add to dashboard Cite

Abstract-App updates and repackaging are recurrent in the Android ecosystem, filling markets with similar apps that must be identified and analyzed to accelerate user adoption, improve development efforts, and prevent malware spreading. Despite the existence of several approaches to improve the scalability of detecting repackaged/cloned apps, researchers and practitioners are eventually faced with the need for a comprehensive pairwise comparison to understand and validate the similarities among apps. This paper describes the design of SimiDroid, a framework for multi-level comparison of Android apps. SimiDroid is built with the aim to support the understanding of similarities/changes among app versions and among repackaged apps. In particular, we demonstrate the need and usefulness of such a framework based on different case studies implementing different analyzing scenarios for revealing various insights on how repackaged apps are built. We further show that the similarity comparison plugins implemented in SimiDroid yield more accurate results than the state-of-the-art.

show abstract

Implementing a hardware‐assisted memory management mechanism for ARM platforms using the B method

Chang¹,

Jiang²,

Xie³

et al. 2018

Concurrency and Computation

View full text Add to dashboard Cite

ARM embedded devices are becoming increasingly ubiquitous, permeating many aspects of daily life. The security issues on ARM embedded devices are much more important in critical infrastructure. The trusted hardware technologies provide the trusted environments isolated from the untrusted part of the system. However, for some deficiency, the researchers focus on current hardware-assisted isolated mechanisms. Depending on the implementation of the protection mechanism, the software-based approaches are not efficient and the hardware-based approaches are not flexible. Moreover, these defense mechanisms need formal specification that is inadequate in recent research. B method is a state-based formal method, which provides a successive refinement mechanism. In this paper, we propose a hardware-assisted memory isolation protection mechanism, provide specifications and refinements using the B method, and implement the memory management system on an ARM-based platform. The evaluation results show that the proposed isolation protection mechanism is effective, and the automatic proof rate of machines is acceptable. KEYWORDSB method, formal specification, hardware-assisted, isolation protection INTRODUCTIONSmart embedded devices with OS on ARM platforms are deployed in automotive, medical, industrial, teaching technologies, and smart cities and in critical infrastructure. With the increasing growth of attacks originated by security threats and vulnerability exploitation, the security of intelligent embedded devices is of strategic importance. 1 Securing ARM embedded devices are challenging because they are special-purpose and resource-constrained. New capabilities of modern trusted hardware technologies allow for the execution of arbitrary code within trusted environments completely isolated from the rest of the system. The software/hardware isolation environment provides an underlying isolation, which enhances the security of embedded devices.Recent research focuses on two key points about current hardware-assisted isolated mechanisms. 2 One is the implementation of the protection mechanism. 3-7 In general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. The theoretic support for these defense mechanisms is inadequate. The other is formal specification using formal methods. 8-10 However, the existing problems are as follows.(1) The existing implementation schemes are lack of effective formal analysis and verification, thus the determinacy of the security policies is difficult to guarantee.(2) The majority of formal models are in a high abstract level, and the applications in the real system are difficult. Motivated by the above research state of the art, the main objective of this work is to present our hardware-assisted memory management mechanism using the B method on ARM platforms. The B method is a formal method enabling the development of secure programs, which uses concepts of first order logic, set theory, and integer arithmetics to specify abstract state machines ...

show abstract

WuKong: a scalable and accurate two-phase approach to Android app clone detection

Cited by 175 publications

References 49 publications

An Efficient and Packing-Resilient Two-Phase Android Cloned Application Detection Approach

An Efficient and Packing-Resilient Two-Phase Android Cloned Application Detection Approach

SimiDroid: Identifying and Explaining Similarities in Android Apps

Implementing a hardware‐assisted memory management mechanism for ARM platforms using the B method

Contact Info

Product

Resources

About