英文文献翻译.docx (English Literature Translation)
- Document ID: 3300895
- Upload date: 2022-11-21
- Format: DOCX
- Pages: 9
- Size: 26.53KB
Android Applications Repackaging Detection Techniques for Smartphone Devices
Abstract
The problem of malwares affecting Smartphones has been widely recognized by the researchers across the world. The majority of these malwares target Android OS. Studies have found that most of the Android malwares hide inside repackaged apps to get inside user devices. Repackaged apps are usually infected versions of popular apps. Adversaries download a popular Android app, obtain the code using reverse engineering, add their code (often malicious) to it, and then repackage and release the app. A number of techniques proposed in research and a number of commercial anti-virus products focus on detecting malwares. This is the traditional approach and requires a signature database. Zero day threats cannot be caught with such methods. There are many techniques which focus entirely on detecting repackaged apps. Since repackaged apps are in the majority among the infected Android apps, they can save the user from a large percentage of Android malwares. Detection and prevention of repackaging is also beneficial for original developer/publisher as they do not incur harm to revenue or reputation. In this paper, we study in detail some of the repackaging detection techniques. Mainly, there are two kinds of techniques: offline and online. They serve different purposes. An offline technique cannot be replaced by an online technique and vice versa. Offline techniques are for direct use of app market owner, whereas online techniques are for direct use of Android users. We study different offline and online techniques. These techniques use different features and metrics to detect similarity of apps and they are representatives of their category of techniques.
1. Introduction
Android is the most targeted smartphone OS. According to F-Secure, an incredible 97% of new mobile malware families are targeting Android [1]. In only the first quarter of 2014, 275 new Android threat families were identified by F-Secure [2]. The number of new threats identified for other smartphone OSs was ignorable compared to this figure. Studies [3, 9] have made a very useful observation that most of the Android malwares (86% of malwares as per [3], and 73% of malware families as per [9]) use repackaged apps as the medium of propagation and installation. Repackaging an app with a malware is easy, and the popularity of original app helps the malware in infecting a lot of devices quickly. It has been found that many apps are repackaged to redirect the advertisement revenue from the original publisher to the adversary [12, 17, 20].
The existing techniques capable of detecting app repackaging can be classified as offline and online. Offline techniques are those that can be used for vetting app markets. Offline techniques detect repackaged apps among millions of apps from one or more market(s). Scalability becomes a more desirable trait for these techniques than accuracy. Online techniques are those that perform a significant part of their job on the user device. They usually detect whether an app is repackaged at the installation time. There may be some modifications that apps need to go through before installation for the online techniques to be effective. We discuss both kinds of techniques in this paper.
This paper is composed of the following sections. Section II introduces Android security, app repackaging, and the techniques to detect repackaging. In section III, we shed some light on Android OS, app repackaging, and app repackaging detection. Section IV discusses various techniques that claim to detect repackaging and highlights their unique features. Section V then presents the key takeaways from section IV. Finally, section VI concludes this paper and discusses some scope for future work.
2. Android app repackaging
During repackaging of apps, modifications can be made to the app by the adversary (plagiarist). These modifications performed may be one or more of the following:
replacing of an API library with adversary owned library; redirecting the ad revenue of the app if the app uses some ads; adding some ads to the app; introducing malware code inside existing method(s); adding method/class specially for introducing malware code.
After the necessary modifications, the adversary can prepare a package (APK file) again. The adversary signs the app with her private key, and the public key in the META-INF directory now corresponds to this private key. This app is now released on some unofficial market where users fall prey to it.
Some repackaging detection/deterrence solutions assume that the adversary wants to exploit the popularity of the original app to infect a large number of users quickly. Thus, they work on the assumption that the metadata of the repackaged app is very similar to that of the original app. On the other hand, some solutions assume that the adversary is repackaging an existing app because she wants to save time/effort of creating a host app for the malware. In this case, the adversary can significantly change the metadata in her repackaged version. The only way to detect similarity in such cases is to compare the functionality/code of each and every pair of apps. The third possible case in which even the functionality is changed cannot be called repackaging.
3. Android app repackaging detection techniques
This section presents some of the better techniques that have been proposed by the researchers for detecting repackaged apps. An important thing to understand is that a technique does not have to be perfect. If a technique forces the adversary to apply many obfuscations/modifications, and makes the cost of repackaging high enough that the adversary makes no profit, then it is more than satisfactory.
3.1. AnDarwin
Crussell et al. [4] present AnDarwin, an offline tool. Scalability is a pre-requisite of any offline tool. Scalability is, indeed, the primary focus of the creators of AnDarwin. AnDarwin boasts of a sub-quadratic time complexity by using Locality Sensitive Hashing (LSH) [5] and Min-wise independent permutations locality sensitive hashing (MinHash) [6]. These hashing techniques make it possible to detect similar apps without actually comparing every pair of apps.
From methods in the source code of the app, AnDarwin constructs Program Dependence Graphs (PDGs) using only the data dependencies in the code. The data dependencies are much harder (and expensive) to obfuscate than the control dependencies. After PDG construction, corresponding to each connected component of each PDG, a semantic vector is constructed which captures information such as the type and frequency of different programming constructs present. Then, LSH uses many hashing functions to obtain clusters of semantic vectors which are near neighbors. So the task of the later stages of AnDarwin is just to find similar apps inside a cluster, i.e., there is no need to compare apps belonging to different clusters.
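The candidate-selection idea described above, as an added example (not AnDarwin's code and not taken from the paper): each app is reduced to a set of feature identifiers standing in for its semantic-vector clusters, MinHash signatures are split into LSH bands, and only apps that land in a common bucket are compared. The app names, feature names and the 64-hash/16-band parameters are assumptions chosen for illustration.

```python
import hashlib
from collections import defaultdict
from itertools import combinations

NUM_HASHES, BANDS = 64, 16          # assumed parameters: 16 bands of 4 rows
ROWS = NUM_HASHES // BANDS

def _h(seed, feature):
    """Deterministic 64-bit hash; each seed acts as one min-wise permutation."""
    digest = hashlib.sha256(f"{seed}:{feature}".encode()).digest()
    return int.from_bytes(digest[:8], "big")

def minhash(features):
    """Signature = minimum hash of the feature set under each permutation."""
    return [min(_h(seed, f) for f in features) for seed in range(NUM_HASHES)]

def candidate_pairs(apps):
    """Bucket apps by signature band; only apps sharing a bucket become candidates."""
    sigs = {name: minhash(feats) for name, feats in apps.items()}
    buckets = defaultdict(set)
    for name, sig in sigs.items():
        for b in range(BANDS):
            buckets[(b, tuple(sig[b * ROWS:(b + 1) * ROWS]))].add(name)
    pairs = set()
    for names in buckets.values():
        pairs.update(combinations(sorted(names), 2))
    return pairs, sigs

def estimated_jaccard(sig_a, sig_b):
    """Fraction of agreeing signature rows estimates the Jaccard similarity."""
    return sum(x == y for x, y in zip(sig_a, sig_b)) / len(sig_a)

# Constructed sample: the repackaged app keeps every original feature and
# adds two features for the inserted payload; the third app shares nothing.
ORIGINAL = {f"pdg_feature_{i}" for i in range(40)}
APPS = {
    "original.apk": ORIGINAL,
    "repackaged.apk": ORIGINAL | {"payload_feature_a", "payload_feature_b"},
    "unrelated.apk": {f"other_feature_{i}" for i in range(40)},
}

def detect(apps=APPS, threshold=0.7):
    """Return candidate pairs whose estimated similarity meets the threshold."""
    pairs, sigs = candidate_pairs(apps)
    return sorted(p for p in pairs
                  if estimated_jaccard(sigs[p[0]], sigs[p[1]]) >= threshold)

if __name__ == "__main__":
    print(detect())
```

The unrelated app never shares a bucket with the other two, so it is never compared against them; that skipped comparison is where the sub-quadratic behaviour comes from.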
3.2. AppInk
Zhou et al. [7] propose AppInk to embed a watermark in Android apps so that if an app does not carry a watermark or the watermark on it is not authentic then it can be found that it is a repackaged app. They point out that it is not easy to embed a watermark in Java code, and that too in an Android app which may have multiple entry points. They involve the developer in the process as the developer understands the semantic and syntactic structure of the code and she can choose the right places to insert the watermark in the app code. AppInk does not directly embed the watermark value into the source of the app. It is designed to convert this watermark value (string, number, etc.) into a non-trivial data structure (specifically graph) which is, in turn, transformed into Java code, called watermark code. Executing this code produces the instance of the data structure which corresponds to the watermark value. The authors point out that the recognition part of the watermarking scheme should be automated too. The recognizer part of AppInk extends Dalvik virtual machine (DVM) so that all the object reference relationships can be scanned (and logged) when the app under review runs, with manifest app providing the input events to the app. The logged files are searched for reference relationship patterns that can possibly correspond to a watermarking graph. The graph is then decoded to obtain the corresponding value and it can be verified whether it is the same as the developer's watermark value.
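One way to turn a watermark value into a graph and read it back from object references alone, as an added example (not AppInk's code; the page does not say which graph encoding AppInk uses). It assumes a radix-style ring encoding, and `Node`, `encode`, `decode`, `verify` and the sample value are hypothetical names chosen here.

```python
class Node:
    """Heap object with two outgoing references, as a recognizer would log it."""
    __slots__ = ("next", "digit")

    def __init__(self):
        self.next = self.digit = None

def encode(value, size):
    """Build a ring of `size` nodes encoding `value` in base `size`.

    Node i's `digit` reference points d_i hops ahead on the ring, where d_i
    is the i-th least-significant base-`size` digit of `value`.
    """
    if not 0 <= value < size ** size:
        raise ValueError("value does not fit in a ring of this size")
    ring = [Node() for _ in range(size)]
    for i, node in enumerate(ring):
        node.next = ring[(i + 1) % size]
        value, d = divmod(value, size)
        node.digit = ring[(i + d) % size]
    return ring[0]

def decode(head, max_nodes=64):
    """Recover the value from reference structure; None if it is not a valid ring."""
    ring, node = [], head
    while node is not None and len(ring) < max_nodes:
        ring.append(node)
        node = node.next
        if node is head:            # ring closed back on the head node
            break
    else:
        return None                 # broken chain, or no cycle through head
    index = {id(n): i for i, n in enumerate(ring)}
    value = 0
    for i in reversed(range(len(ring))):
        target = index.get(id(ring[i].digit))
        if target is None:          # reference leaves the ring: not a watermark
            return None
        value = value * len(ring) + (target - i) % len(ring)
    return value

def verify(head, developer_value):
    """True only if a well-formed graph decodes to the developer's value."""
    return decode(head) == developer_value

WATERMARK, RING_SIZE = 123456789, 10    # constructed sample value

if __name__ == "__main__":
    print(verify(encode(WATERMARK, RING_SIZE), WATERMARK))
```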
3.3. APKLancet
Yang et al. [8] propose APKLancet which relies on DroidMoss for identifying malicious payload in the app. APKLancet does not maintain a signature database, nor does it identify the malicious payload itself. It uses AndroGuard for these tasks. After identification, it removes malicious payload. APKLancet makes an impractical assumption that malicious payload is always quite independent in the APK. There are more assumptions. The authors assume that, upon execution, the payload runs in a separate workflow. They also assume that the integration of malware and app code is reversible. It is not specified how APKLancet decides whether an ad library or a plug-in is inserted by the original developer or the plagiarist. APKLancet is purifying the APK and re-packing it, but it is not specified how it procures the developer's private key. If APKLancet uses a new key then the developer/publisher of the app would not be able to update the application (also any assumed sharing of resources with apps from the same developer would fail).
4. Conclusion and Future Work
Online detection techniques require some extra information in the apps, or they require some changes in the Android application framework or Dalvik virtual machine. All of them put some processing overhead on the user device. However, in lieu of any market vetting procedures, they are the only thing that can protect the user from threats.
Offline techniques have to be highly scalable as they are su