Rahul Potharaju - Purdue University
Feb 13, 2013
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"I'm not stealing, I'm merely borrowing - Plagiarism in Smartphone App Markets"
Plagiarism is the copying of another party's ideas and passing them off as your own. In the world of smartphone app-markets, this is usually followed by confusion for the buyers (users) and lost sales for the original developer. In some cases, these plagiarized applications act as carriers for malware that can steal your bank details or leak your private information to third-parties. While closed markets such as Apple's AppStore and Windows Marketplace mitigate this problem to some extent through their manual application approval process, open markets such as Google's Android Market, where anyone can publish an application for others to download, are plagued by this problem.
In this talk, I will show how an attacker can launch malware onto a large number of smartphone users by plagiarizing Android applications and by using elements of social engineering to increase the infection rate. Using a dataset of 158,000 smartphone applications' meta-information, I will portray the seriousness of this problem. To this end, we propose three detection schemes that rely on syntactic fingerprinting to detect plagiarized applications under different levels of obfuscation used by the attacker. Experimental analysis of 7,600 smartphone application binaries shows that the proposed schemes detect all instances of plagiarism from a set of real-world malware incidents with 0.5% false positives and scale to millions of applications using only commodity servers.
About the Speaker
Rahul Potharaju is a PhD student in the Department of Computer Science at Purdue University and a member of CERIAS. Prior to that, in 2009, he earned his Masters Degree in Computer Science from Northwestern University. He has over two years of industrial research experience working on projects in collaboration with Microsoft Research, Redmond and Motorola Applied Research Center. His current work focuses on large-scale Internet measurements, intrusion detection and security aspects of smartphone architectures, and reliability aspects of data centers both from a hardware and a software perspective. A recurring theme in all his research is combining cross-domain techniques such as those from natural language processing with statistical machine learning and data mining to make surprising inferences in the networking and smartphone areas. His research advisor is Prof. Cristina Nita-Rotaru.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...