TY - GEN
T1 - Detecting Clones in Android Applications through Analyzing User Interfaces
AU - Soh, Charlie
AU - Tan, Hee Beng Kuan
AU - Arnatovich, Yauhen Leanidavich
AU - Wang, Lipo
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/8/5
Y1 - 2015/8/5
N2 - The blooming mobile smart phone device industry has attracted a large number of application developers. However, due to the availability of reverse engineering tools for Android applications, it also caught the attention of plagiarists and malware writers. In recent years, application cloning has become a serious threat to the Android market. In previous work, mobile application clone detection mainly focuses on code-based analysis. Such an approach lacks resilient to advanced obfuscation techniques. Their efficiency is also questionable, as billions of opcodes need to be processed for cross-market clone detection. In this paper, we propose a novel technique of detecting Android application clones based on the analysis of user interface (UI) information collected at runtime. By leveraging on the multiple entry points feature of Android applications, the UI information can be collected easily without the need to generate relevant inputs and execute the entire application. Another advantage of our technique is obfuscation resilient since semantics preserving obfuscation technique do not affect runtime behaviors. We evaluated our approach on a set of real-world dataset and it has a low false positive rate and false negative rate. Furthermore, the results also show that our approach is effective in detecting different types of repackaging attacks.
AB - The blooming mobile smart phone device industry has attracted a large number of application developers. However, due to the availability of reverse engineering tools for Android applications, it also caught the attention of plagiarists and malware writers. In recent years, application cloning has become a serious threat to the Android market. In previous work, mobile application clone detection mainly focuses on code-based analysis. Such an approach lacks resilient to advanced obfuscation techniques. Their efficiency is also questionable, as billions of opcodes need to be processed for cross-market clone detection. In this paper, we propose a novel technique of detecting Android application clones based on the analysis of user interface (UI) information collected at runtime. By leveraging on the multiple entry points feature of Android applications, the UI information can be collected easily without the need to generate relevant inputs and execute the entire application. Another advantage of our technique is obfuscation resilient since semantics preserving obfuscation technique do not affect runtime behaviors. We evaluated our approach on a set of real-world dataset and it has a low false positive rate and false negative rate. Furthermore, the results also show that our approach is effective in detecting different types of repackaging attacks.
KW - Android
KW - Clone detection
KW - Obfuscation resilient
KW - Repackaging
KW - User interface
UR - http://www.scopus.com/inward/record.url?scp=84961305389&partnerID=8YFLogxK
U2 - 10.1109/ICPC.2015.25
DO - 10.1109/ICPC.2015.25
M3 - Conference Proceeding
AN - SCOPUS:84961305389
T3 - IEEE International Conference on Program Comprehension
SP - 163
EP - 173
BT - Proceedings - 2015 IEEE 23rd International Conference on Program Comprehension, ICPC 2015
PB - IEEE Computer Society
T2 - 23rd IEEE International Conference on Program Comprehension, ICPC 2015
Y2 - 18 May 2015 through 19 May 2015
ER -