Improving the Automatic Identification of Malicious Android Apps in Unofficial Stores through Logo Analysis

L. Vollero; D. Biondo; R. Setola; G. Bocci; R. Mammoliti; A. Toma

doi:10.5220/0006270305670572

Improving the Automatic Identification of Malicious Android Apps in Unofficial Stores through Logo Analysis

L. Vollero, D. Biondo, R. Setola, G. Bocci, R. Mammoliti, A. Toma

2017

Abstract

The wide diffusion of mobile devices and the ability of users to customize their experience through applications (Apps) is opening to new problems related to privacy, security and data integrity for the mobile ecosystem. Smartphones, in general, and Android devices, in particular, are rapidly becoming emerging threat vectors of cybercrime activities. Unofficial Android markets, especially those with weak controls on published Apps, are the places where frauds may easily start and spread. Hence, the ability to identify and quickly shut down deceptive Apps is of paramount importance in the protection of users, services and infrastructures. Traditional approaches that aim at mitigating the presence of malicious Apps in unofficial markets, are based on crawlers for scanning stores and checking the words used in Apps’ description. These methods works very well when the App’s title, keywords and description match specific patterns that identify services to protect and the application owner or App’s signature do not match expected ones. Unluckily, the performance of such methods reduce sharply when the store adopts a language that is not supported by the recognition system or the App publisher uses misleading words in the App’s description. Nevertheless, App publishers always use a logo which is familiar to the user in order to highlight the application and increase the probability that the users install it. In this paper we presents a system that overcomes the limitation of traditional approaches including logo analysis in the process of App recognition. Our contribution is the definition and evaluation of a logo-based complementary system to be used in conjunction with traditional approaches based on word lists checking. The system and the performance of the proposed solution are presented and analyzed in the paper.

References

Bay, H., Ess, A., Tuytelaars, T., and Gool, L. V. (2008). Speeded-up robust features (SURF). Computer Vision and Image Understanding, 110(3):346 - 359. Similarity Matching in Computer Vision and Multimedia.
Bertino, E. (2016). Securing mobile applications. Computer, 49(2):9-9.
CERT (2016). http://cert.org/.
Csurka, G., Dance, C. R., Fan, L., Willamowski, J., and Bray, C. (2004). Visual categorization with bags of keypoints. In In Workshop on Statistical Learning in Computer Vision, ECCV, pages 1-22.
FIRST (2016). https://www.first.org/.
Harris, Z. S. (1954). Distributional structure. Word, 10(2- 3):146-162.
Hsu, C.-W. and Lin, C.-J. (2002). A comparison of methods for multiclass support vector machines. IEEE transactions on Neural Networks, 13(2):415-425.
PI CERT (2016). http://www.picert.it.
Seo, S.-H., Gupta, A., Sallam, A. M., Bertino, E., and Yim, K. (2014). Detecting mobile malware threats to homeland security through static analysis. Journal of Network and Computer Applications, 38:43 - 53.

Download

Paper Citation

in Harvard Style

Vollero L., Biondo D., Setola R., Bocci G., Mammoliti R. and Toma A. (2017). Improving the Automatic Identification of Malicious Android Apps in Unofficial Stores through Logo Analysis . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 567-572. DOI: 10.5220/0006270305670572

in Bibtex Style

@conference{icissp17,
author={L. Vollero and D. Biondo and R. Setola and G. Bocci and R. Mammoliti and A. Toma},
title={Improving the Automatic Identification of Malicious Android Apps in Unofficial Stores through Logo Analysis},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={567-572},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006270305670572},
isbn={978-989-758-209-7},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Improving the Automatic Identification of Malicious Android Apps in Unofficial Stores through Logo Analysis
SN - 978-989-758-209-7
AU - Vollero L.
AU - Biondo D.
AU - Setola R.
AU - Bocci G.
AU - Mammoliti R.
AU - Toma A.
PY - 2017
SP - 567
EP - 572
DO - 10.5220/0006270305670572