Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception

Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (CODASPY '17)

Abstract

Mobile application spoofing is an attack where a malicious mobile app mimics the visual appearance of another one. A common example of mobile application spoofing is a phishing attack where the adversary tricks the user into revealing her password to a malicious app that resembles the legitimate one. In this paper, we propose a novel spoofing detection approach, tailored to the protection of mobile app login screens, using screenshot extraction and visual similarity comparison. We use deception rate as a novel similarity metric for measuring how likely the user is to consider a potential spoofing app as one of the protected applications. We conducted a large-scale online study where participants evaluated spoofing samples of popular mobile app login screens, and used the study results to implement a detection system that accurately estimates deception rate. We show that efficient detection is possible with low overhead.

People

Dr. Luka Malisa
Doctoral Student (2011 – 2019)
Information Security Officer, SDX
Dr. Kari Kostiainen
Senior Scientist

BibTex

@inproceedings{malisa2017detecting,
  author    = {Malisa, Luka and Kostiainen, Kari and Capkun, Srdjan},
  title     = {{Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception}},
  booktitle = {Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (CODASPY '17)},
  address   = {Scottsdale, AZ, USA},
  year      = 2017,
  month     = mar,
  publisher = {Association for Computing Machinery},
  doi       = {10.1145/3029806.3029819},
  url       = {https://doi.org/10.1145/3029806.3029819}
}

Research Collection: 20.500.11850/218074