Abstract
The popularity of Android brings much functionality to its users, but it also brings many threats. Repacked Android applications are one such threat, and they are the root of many others, such as malware, phishing, adware, and economic loss. Many techniques have been proposed for detecting repacked applications, but they have their limitations and bottlenecks. Malware and duplicate apps affecting smartphones are being reported on a large scale and have drawn the attention of many researchers. The majority of these issues target Android-based phones. Repackaged apps are usually infected versions of popular apps. Adversaries download a popular Android app, obtain its code through reverse engineering, add their own (often malicious) code, and then repackage and release the app. Existing methods focus primarily on extracting apps' behavior and comparing it with their static code. These methods have the least chance of detecting code obfuscation and the dynamic behavior of apps. Therefore, the App-NTS framework is proposed, which extracts the dynamic behavior of apps from network traffic analysis. A dynamic vantage point algorithm is used for the comparative analysis of the apps' behavior, which significantly helps in reducing the time complexity. Experimental analysis detected 365 repacked apps among 8645 apps downloaded from various online markets and shows dramatically better performance, with the Mean Square Error value decreased by 41% and Log loss reduced by 35.2%. There is an increase in accuracy of 18.3% when compared to other state-of-the-art techniques.
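The idea of using vantage points to avoid comparing a suspect app's traffic against every known app can be sketched as follows. This is an added example, not code from the paper: it is a plain static vantage-point tree rather than the paper's dynamic algorithm, and the feature vectors, app names and threshold are constructed assumptions.

```python
import math

# Constructed sample data (not from the paper). Each vector is a hypothetical
# traffic profile: (distinct hosts, mean request size in 100 B, requests/min,
# HTTPS fraction). A real pipeline would normalise features first.
CORPUS = [
    ("notes_original",   (4, 5.2, 12.0, 0.9)),
    ("weather_original", (9, 2.1, 30.0, 0.7)),
    ("game_original",    (15, 8.4, 55.0, 0.5)),
    ("chat_original",    (6, 1.3, 80.0, 1.0)),
    ("maps_original",    (20, 9.9, 40.0, 0.8)),
    ("radio_original",   (3, 40.0, 6.0, 0.6)),
]
SUSPECT = (5, 5.4, 13.0, 0.8)  # constructed: notes-like traffic plus one extra host

class VPNode:
    """Vantage-point tree node: splits the remaining apps at the median distance."""
    def __init__(self, items):
        self.vp, rest = items[0], items[1:]
        self.radius, self.inside, self.outside = 0.0, None, None
        if rest:
            dists = [math.dist(self.vp[1], vec) for _, vec in rest]
            self.radius = sorted(dists)[len(dists) // 2]
            near = [it for it, d in zip(rest, dists) if d < self.radius]
            far = [it for it, d in zip(rest, dists) if d >= self.radius]
            self.inside = VPNode(near) if near else None
            self.outside = VPNode(far) if far else None

def _search(node, query, tau, hits, visited):
    if node is None:
        return
    visited.append(node.vp[0])
    d = math.dist(query, node.vp[1])
    if d <= tau:
        hits.append((node.vp[0], round(d, 3)))
    # Triangle inequality: any hit p satisfies d - tau <= dist(vp, p) <= d + tau.
    if d - tau < node.radius:
        _search(node.inside, query, tau, hits, visited)
    if d + tau >= node.radius:
        _search(node.outside, query, tau, hits, visited)

def find_similar(tree, query, tau):
    """Return (apps within tau of query, names of the nodes actually compared)."""
    hits, visited = [], []
    _search(tree, query, tau, hits, visited)
    return sorted(hits, key=lambda h: h[1]), visited

def brute_force(corpus, query, tau):
    """Reference answer: compare the query against every app."""
    out = [(n, round(math.dist(query, v), 3)) for n, v in corpus]
    return sorted((h for h in out if h[1] <= tau), key=lambda h: h[1])

if __name__ == "__main__":
    print(find_similar(VPNode(CORPUS), SUSPECT, tau=3.0))
```

With a tight threshold the search touches only half of the corpus while returning the same candidates as the exhaustive comparison.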
Acknowledgments
The authors would like to express their heartfelt thanks to the editors and anonymous referees for their most valuable comments and constructive suggestions, which led to the significant improvement of the earlier version of the manuscript.
Funding
Dr. Mohammed Alshehri would like to thank the Deanship of Scientific Research at Majmaah University for supporting this work under the Project No. R-2021-9.
Cite this article
Alshehri, M. APP-NTS: a network traffic similarity-based framework for repacked Android apps detection. J Ambient Intell Human Comput 13, 1537–1546 (2022). https://doi.org/10.1007/s12652-021-03023-0
DOI: https://doi.org/10.1007/s12652-021-03023-0