GridDroid--An Effective and Efficient Approach for Android Repackaging Detection Based on Runtime Graphical User Interface  被引量：1

作　　者：Jun Ma Qing-Wei Sun Chang Xu Xian-Ping Tao 马骏;孙清伟;许畅;陶先平(State Key Laboratory for Novel Software Technology,Nanjing University,Nanjing 210023,China;Department of Computer Science and Technology,Nanjing University,Nanjing 210023,China;Huatai Securities Co.,Ltd.,Nanjing 210019,China)

机构地区：[1]State Key Laboratory for Novel Software Technology,Nanjing University,Nanjing 210023,China [2]Department of Computer Science and Technology,Nanjing University,Nanjing 210023,China [3]Huatai Securities Co.,Ltd.,Nanjing 210019,China

出　　处：《Journal of Computer Science & Technology》2022年第1期147-181,共35页计算机科学技术学报（英文版）

基　　金：supported by the Leading-Edge Technology Program of Jiangsu Natural Science Foundation of China under Grant No.BK20202001;the National Natural Science Foundation of China under Grant No.61932021.

摘　　要：Repackaging brings serious threats to Android ecosystem.Software birthmark techniques are typically applied to detect repackaged apps.Birthmarks based on apps'runtime graphical user interfaces(GUI)are effective,especially for obfuscated or encrypted apps.However,existing studies are time-consuming and not suitable for handling apps in large scale.In this paper,we propose an effective yet efficient dynamic GUI birthmark for Android apps.Briefly,we run an app with automatically generated GUI events and dump its layout after each event.We divide each dumped layout into a grid,count in each grid cell the vertices of boundary rectangles corresponding to widgets within the layout,and generate a feature vector to encode the layout.Similar layouts are merged at runtime,and finally we obtain a graph as the birthmark of the app.Given a pair of apps to be compared,we build a weighted bipartite graph from their birthmarks and apply a modified version of the maximum-weight-bipartite-matching algorithm to determine whether they form a repackaging pair(RP)or not.We implement the proposed technique in a prototype,GridDroid,and apply it to detect RPs in three datasets involving 527 apks.GridDroid reports only six false negatives and seven false positives,and it takes GridDroid merely 20 microseconds on average to compare a pair of birthmarks.

关 键 词：Android apps dynamic software birthmark graphical user interface(GUI) repackaging detection 

分 类 号：TP319[自动化与计算机技术—计算机软件与理论]