I'm not stealing, I'm merely borrowing - Plagiarism in Smartphone App Markets
Rahul Potharaju - Purdue University
Feb 13, 2013
Abstract
Plagiarism is the copying of another party's ideas and passing them off as your own. In the world of smartphone app-markets, this is usually followed by confusion for the buyers (users) and lost sales for the original developer. In some cases, these plagiarized applications act as carriers for malware that can steal your bank details or leak your private information to third parties. While closed markets such as Apple's AppStore and Windows Marketplace mitigate this problem to some extent through their manual application approval process, open markets such as Google's Android Market, where anyone can publish an application for others to download, are plagued by this problem.
In this talk, I will show how an attacker can launch malware onto a large number of smartphone users by plagiarizing Android applications and by using elements of social engineering to increase the infection rate. Using a dataset of 158,000 smartphone applications' meta-information, I will portray the seriousness of this problem. To this end, we propose three detection schemes that rely on syntactic fingerprinting to detect plagiarized applications under different levels of obfuscation used by the attacker. Experimental analysis of 7,600 smartphone application binaries shows that the proposed schemes detect all instances of plagiarism from a set of real-world malware incidents with 0.5% false positives and scale to millions of applications using only commodity servers.
About the Speaker
Rahul Potharaju is a PhD student in the Department of Computer Science at Purdue University and a member of CERIAS. Prior to that, in 2009, he earned his Master's degree in Computer Science from Northwestern University. He has over two years of industrial research experience working on projects in collaboration with Microsoft Research, Redmond and Motorola Applied Research Center. His current work focuses on large-scale Internet measurements, intrusion detection and security aspects of smartphone architectures, and reliability aspects of data centers both from a hardware and a software perspective. A recurring theme in all his research is combining cross-domain techniques such as those from natural language processing with statistical machine learning and data mining to make surprising inferences in the networking and smartphone areas. His research advisor is Prof. Cristina Nita-Rotaru.