http://dx.doi.org/10.7840/kics.2015.40.4.700

Android App Birthmarking Technique Resilient to Code Obfuscation  

Kim, Dongjin (Dankook University Department of Computer Science)
Cho, Seong-Je (Dankook University Department of Computer Science & Engineering)
Chung, Youngki (Dankook University Department of Computer Science)
Woo, Jinwoon (Dankook University Department of Computer Science & Engineering)
Ko, Jeonguk (Hancom Inc.)
Yang, Soo-Mi (University of Suwon Department of Information Secrecy)
Abstract
A software birthmark is the set of characteristics of a program that can be used to identify the program. Many researchers have studied detecting the theft of Java programs using birthmarks. For Android apps, code obfuscation techniques are used to protect the apps against reverse engineering and tampering. However, attackers can also use obfuscation techniques to conceal a stolen program. A birthmark (feature) of an app can be altered by code obfuscation. Therefore, it is necessary to detect Android app theft based on a birthmark that is resilient to code obfuscation. In this paper, we propose an effective Android app birthmark and app theft detection using the proposed birthmark. By analyzing some obfuscation tools, we first selected the parameter and return types of methods as an adequate birthmark. Then, we measured the similarity of target apps using the birthmarks extracted from the apps, where some target apps are not obfuscated and the others are obfuscated. The measurement results show that our proposed birthmark is effective for detecting Android app theft even when the apps are obfuscated.
Keywords
Android app; Software birthmark; Code obfuscation; Software theft; Resilience