英文文献翻译Word文档下载推荐.docx

英文文献翻译Word文档下载推荐.docx

《英文文献翻译Word文档下载推荐.docx》由会员分享，可在线阅读，更多相关《英文文献翻译Word文档下载推荐.docx（9页珍藏版）》请在冰豆网上搜索。

TheproblemofmalwaresaffectingSmartphoneshasbeenwidelyrecognizedbytheresearchersacrosstheworld.MajorityofthesemalwarestargetAndroidOS.StudieshavefoundthatmostoftheAndroidmalwareshideinsiderepackagedappstogetinsideuserdevices.Repackagedappsareusuallyinfectedversionsofpopularapps.AdversariesdownloadapopularAndroidapp,andobtainthecodeusingreverseengineeringandthenaddtheircode（oftenmalicious）toitandrepackageandreleasetheapp.Anumberoftechniquesproposedinresearchandanumberofcommercialanti-virusproductsfocusondetectingmalwares.Thisisthetraditionalapproachandrequiresasignaturedatabase.Zerodaythreatscannotbecaughtwithsuchmethods.Therearemanytechniqueswhichfocusentirelyondetectingrepackagedapps.SincerepackagedappsareinthemajorityamongtheinfectedAndroidapps,theycansavetheuserfromalargepercentageofAndroidmalwares.Detectionandpreventionofrepackagingisalsobeneficialfororiginaldeveloper/publisherastheydonotincurharmtorevenueorreputation.Inthispaper?

westudyindetailaboutsomeoftherepackagingdetectiontechniques.Mainly,therearetwokindsoftechniques-offlineandonline.Theyservedifferentpurposes.Anofflinetechniquecannotbereplacedbyanonlinetechniqueandviceversa.Offlinetechniquesarefordirectuseofappmarketowner,whereasonlinetechniquesarefordirectuseofAndroidusers.Westudydifferentofflineandonlinetechniques.Thesetechniquesusedifferentfeaturesandmetricstodetectsimilarityofappsandtheyarerepresentativesoftheircategoryoftechniques.

1.Introduction

AndroidisthemosttargetedsmartphoneOS.AccordingtoF-Secure,anincredible97%ofnewmobilemalwarefamiliesaretargetingAndroid1.Inonlythefirstquarterof2014,275newAndroidthreatfamilieswereidentifiedbyF-Secure2.ThenumberofnewthreatsidentifiedforothersmartphoneOSswasignorablecomparedtothisfigure.Studies3,9havemadeaveryusefulobservationthatmostoftheAndroidmalwares?

86%ofmalwaresasper3?

And73%ofmalwarefamiliesasper9?

userepackagedappsasthemediumofpropagationandinstallation.Repackaginganappwithamalwareiseasy,andthepopularityoforiginalapphelpsthemalwareininfectingalotofdevicesquickly.Ithasbeenfoundthatmanyappsarerepackagedtoredirecttheadvertisementrevenuefromtheoriginalpublishertotheadversary12,17,20.

Theexistingtechniquescapableofdetectingapprepackagingcanbeclassifiedasofflineandonline.Offlinetechniquesarethosethatcanbeusedforvettingappmarkets.Offlinetechniquesdetectrepackagedappsamongmillionsofappsfromoneormoremarket（s）.Scalabilitybecomesamoredesirabletraitforthesetechniquesthanaccuracy.Onlinetechniquesarethosethatperformasignificantpartoftheirjobontheuserdevice.Theyusuallydetectwhetheranappisrepackagedattheinstallationtime.Theremaybesomemodificationsthatappsneedtogothroughbeforeinstallationfortheonlinetechniquestobeeffective.Wediscussbothkindsoftechniquesinthispaper.

Thispaperiscomposedofthefollowingsections.SectionIIintroducesAndroidsecurity?

apprepackaging?

Andthetechniquestodetectrepackaging.InsectionIII?

weshedsomelightonAndroidOS?

andapprepackagingdetection.SectionIVdiscussesvarioustechniquesthatclaimtodetectrepackagingandhighlightstheiruniquefeatures.SectionVthenpresentsthekeytakeawaysfromsectionIV.Finally,sectionVIconcludethispaperanddiscusssomescopeforfuturework.

2.Androidapprepackaging

Duringrepackagingofapps,modificationscanbemadetotheappbytheadversary（plagiarist）.Thesemodificationsperformedmaybeoneormoreofthefollowing:

replacingofanAPIlibrarywithadversaryownedlibrary;

redirectingtheadrevenueoftheappiftheappusessomeads;

addingsomeadstotheapp;

introducingmalwarecodeinsideexistingmethod（s）;

addingmethod/classspeciallyforintroducingmalwarecode.

Afterthenecessarymodifications‚theadversarycanprepareapackage（APKfile）again.TheadversarysignstheappwithherprivatekeyandthepublickeyintheMETA-INFdirectorynowcorrespondstothisprivatekey.Thisappisnowreleasedonsomeunofficialmarketwheretheuserfallpreytoit.

Somerepackagingdetection/deterrencesolutionsassumethattheadversarywantstoexploitthepopularityoftheoriginalapptoinfectalargenumberofusersquickly.Thus‚theyworkontheassumptionthatthemetadataoftherepackagedappisverysimilartothatoftheoriginalapp.Ontheotherhand‚somesolutionsassumethattheadversaryisrepackaginganexistingappbecauseshewantstosavetime/effortofcreatingahostappforthemalware.Inthiscase‚theadversarycansignificantlychangethemetadatainherrepackagedversion.Theonlywaytodetectsimilarityinsuchcasesistocomparethefunctionality/codeofeachandeverypairofapps.Thethirdpossiblecaseinwhicheventhefunctionalityischangedcannotbecalledrepackaging.

3.Androidapprepackagingdetectiontechniques

Thissectionpresentssomeofthebettertechniquesthathavebeenproposedbytheresearchersfordetectingrepackagedapps.Animportantthingtounderstandisthatatechniquedoesnothavetobeperfect.Ifatechniqueforcestheadversarytoapplymanyobfuscations/modifications‚andmakesthecostofrepackaginghighenoughthattheadversarymakesnoprofit‚thenitismorethansatisfactory.

3.1.AnDarwin

Crusselletal.4presentAnDarwin‚anofflinetool.Scalabilityisapre-requisiteofanyofflinetool.Scalabilityis‚indeed‚theprimaryfocusofthecreatorsofAnDarwin.AnDarwinboastsofasub-quadratictimecomplexitybyusingLocalitySensitiveHashing（LSH）5andMin-wiseindependentpermutationslocalitysensitivehashing（MinHash）6.Thesehashingtechniquesmakeitpossibletodetectsimilarappswithoutactuallycomparingeverypairofapps.

Frommethodsinthesourcecodeoftheapp‚AnDarwinconstructsProgramDependenceGraphs（PDGs）usingonlythedatadependenciesinthecode.Thedatadependenciesaremuchharder（andexpensive）toobfuscatethanthecontroldependencies.AfterPDGconstruction‚correspondingtoeachconnectedcomponentofeachPDG‚asemanticvectorisconstructedwhichcapturesinformationsuchasthetypeandfrequencyofdifferentprogrammingconstructspresent.Then‚LSHusesmanyhashingfunctionstoobtainclustersofsemanticvectorswhicharenearneighbors.SothetaskofthelaterstagesofAnDarwinisjusttofindsimilarappsinsideacluster‚i.e.‚thereisnoneedtocompareappsbelongingtodifferentclusters.

3.2.AppInk

Zhouetal.7proposeAppInktoembedawatermarkinAndroidappssothatifanappdoesnotcarryawatermarkorthewatermarkonitisnotauthenticthenitcanbefoundthatitisarepackagedapp.TheypointoutthatitisnoteasytoembedwatermarkinaJavacode‚andthattooinanAndroidappwhichmayhavemultipleentrypoints.Theyinvolvethedeveloperintheprocessasthedeveloperunderstandsthesemanticandsyntacticstructureofthecodeandshecanchoosetherightplacestoinsertthewatermarkintheappcode.AppInkdoesnotdirectlyembedthewatermarkvalueintothesourceoftheapp.Itisdesignedtoconvertthiswatermarkvalue（string‚number‚etc.）intoanon-trivialdatastructure（specificallygraph）whichis‚inturn‚transformedintoJavacode‚calledwatermarkcode.Executingthiscodeproducestheinstanceofthedatastructurewhichcorrespondstothewatermarkvalue.Theauthorspointoutthattherecognitionpartofthewatermarkingschemeshouldbeautomatedtoo.TherecognizerpartofAppInkextendsDalvikvirtualmachine（DVM）sothatalltheobjectreferencerelationshipscanbescanned（andlogged）whentheappunderreviewruns‚withmanifestappprovidingtheinputeventstotheapp.Theloggedfilesaresearchedforreferencerelationshippatternsthatcanpossiblycorrespondtoawatermarkinggraph.Thegraphisthendecodedtoobtainthecorrespondingvalueanditcanbeverifiedwhetheritisthesameasdeveloper'

swatermarkvalue.

3.3.APKLancet

Yangetal.8proposeAPKLancetwhichreliesonDroidMossforidentifyingmaliciouspayloadintheapp.APKLancetdoesnotmaintainasignaturedatabase‚nordoesitidentifythemaliciouspayloaditself.ItusesAndroGuardforthesetasks.Afteridentification‚itremovesmaliciouspayload.APKLancetmakesanimpracticalassumptionthatmaliciouspayloadisalwaysquiteindependentintheAPK.Therearemoreassumptions.Theauthorsassumethat‚uponexecution‚thepayloadrunsinaseparateworkflow.Theyalsoassumethattheintegrationofmalwareandappcodeisreversible.ItisnotspecifiedhowdoesAPKLancetdecidewhetheranadlibraryoraplug-inisinsertedbytheoriginaldeveloperortheplagiarist.APKLancetispurifyingtheAPKandre-packingit‚butitisnotspecifiedhowdoesitprocuresthedeveloper'

sprivatekey.IfAPKLancetusesanewkeythenthedeveloper/publisheroftheappwouldnotbeabletoupdatetheapplication（alsoanyassumedsharingofresourceswithappsfromthesamedeveloperwouldfail）.

4.ConclusionandFutureWork

Onlinedetectiontechniquesrequiresomeextrainformationintheapps‚ortheyrequiresomechangesintheAndroidapplicationframeworkorDalvikvirtualmachine.Allofthemputsomeprocessingoverheadonuser.device.However‚inlieuofanymarketvettingprocedures‚theyaretheonlythingthatcanprotecttheuserfromthreats.

Offlinetechniqueshavetobehighlyscalableastheyaresu