authors
- MARTIN MARTINEZ, IGNACIO
- HERNANDEZ GUTIERREZ, JOSE ALBERTO
CloneSpot: Fast detection of Android repackages
Articles
Overview
published in
publication date
- May 2019
start page
- 740
end page
- 748
volume
- 94
Digital Object Identifier (DOI)
full text
International Standard Serial Number (ISSN)
- 0167-739X
Electronic International Standard Serial Number (EISSN)
- 1872-7115
abstract
- Repackaging of applications is one of the key attack vectors for mobile malware. This is particularly easy and popular in Android Markets, where applications can be downloaded, decompiled, modified and re-uploaded at a very low cost. Detecting clones and victims is often a hard task, especially in markets with several million of applications to analyze, such as Google Play Store. This work proposes CloneSpot, a novel methodology to efficiently detect Repackaged versions of Android apps using Min Hashing techniques applied to applications' meta-data publicly available at Google Play. We validate our approach by analyzing 1.3 Million of applications collected from Google Play in September 2017, from which around 420K are detected as potential repackaged or victim versions of other applications. (C) 2018 Elsevier B.V. All rights reserved.
Classification
subjects
- Telecommunications
keywords
- android malware; repackaging; min-hashing; meta-information