【WWW 2020】Mobile App Squatting

[WWW2020 Best Student Paper] Mobile App Squatting

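Mobile app squatting?

1. Main Content

In this paper, we explore the presence of squatting attacks in the mobile app ecosystem. In “App Squatting”, attackers release apps with identifiers (e.g., app name or package name) that are confusingly similar to those of popular apps or well-known Internet brands.

The paper proposes a new attack pattern, "app squatting": attackers publish apps whose identifiers (for example, the app name or package name) closely resemble those of popular apps or well-known Internet brands.

(As I recall, there are many similar attack patterns of this "squatting" kind.)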

2. Related Definitions

We define App Squatting as a type of squatting behavior where attackers release apps with identifiers that are confusingly similar
to those belonging to popular apps or large Internet brands.

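We define App Squatting as a squatting behavior in which attackers release apps whose identifiers are very similar to those of popular apps or large Internet brands.

Based on the target of the squatting, we classify apps into app name squatting and package name squatting.

Based on the type of squatting target, App Squatting is divided into app name squatting and package name squatting.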

(1) Fake Apps: Apps with an identical app or package name to legitimate apps, but with different developer signatures.
(2) Squatting Apps: Apps whose app or package name is confusingly similar (but unidentical) to the legitimate app.

3. Models and Algorithms

Thanks to our preliminary investigation, we have identified 11 squatting generation models for app identifiers.

(Building on the earlier work, App Squatting is divided into 11 types.)

As shown in Figure 2, these models can be classified into two categories: (1) mutation-based squatting generation models,
and (2) combosquatting generation models.
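
The following Python sketch is an added example, not code from the paper or from this post. It applies the definitions above from a market reviewer's side: a candidate is a fake app when its app or package name is identical to the legitimate one but the developer signature differs, and a squatting app when the name is only similar. The edit-distance and substring heuristics standing in for the "mutation" and "combosquatting" categories, the thresholds, and all app data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    name: str      # display name shown in the market
    package: str   # package name
    signer: str    # developer signature fingerprint (placeholder strings below)

def edit_distance(a, b):
    """Levenshtein distance with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def compare_identifier(cand, legit, max_edits=2):
    """Return 'identical', 'mutation', 'combo' or None for one identifier pair."""
    if cand == legit:
        return "identical"
    c, l = cand.lower(), legit.lower()
    # Assumed heuristic: shrink the edit budget for short names to limit false positives.
    if edit_distance(c, l) <= min(max_edits, len(l) // 4):
        return "mutation"
    # Assumed heuristic: legitimate identifier embedded in a longer one.
    if len(l) >= 4 and l in c:
        return "combo"
    return None

def classify(cand, legit):
    if cand.signer == legit.signer:
        return "same-developer"
    hits = [compare_identifier(cand.name, legit.name),
            compare_identifier(cand.package, legit.package)]
    if "identical" in hits:
        return "fake"  # identical name, different developer signature
    kinds = sorted({h for h in hits if h})
    return "squatting:" + "+".join(kinds) if kinds else "unrelated"

# Constructed sample data, not taken from the paper.
LEGIT = App("ExamplePay", "com.examplepay.wallet", "CERT-LEGIT")
SAMPLES = [
    App("ExamplePay", "com.other.app", "CERT-X"),
    App("ExampIePay", "com.exampiepay.wallet", "CERT-Y"),
    App("ExamplePay Rewards", "com.rewards.examplepayfree", "CERT-Z"),
    App("Weather Now", "com.sample.weather", "CERT-W"),
]
```
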
