Paper 2015/709

Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception

Luka Malisa, Kari Kostiainen, and Srdjan Capkun

Abstract

Mobile application spoofing is an attack where a malicious mobile application mimics the visual appearance of another one. If such an attack is successful, the integrity of what the user sees as well as the confidentiality of what she inputs into the system can be violated by the adversary. A common example of mobile application spoofing is a phishing attack where the adversary tricks the user into revealing her password to a malicious application that resembles the legitimate one. In this work, we propose a novel approach for addressing mobile application spoofing attacks by leveraging the visual similarity of application screens. We use deception rate as a novel metric for measuring how many users would confuse a spoofing application for the genuine one. We conducted a large-scale online study where participants evaluated spoofing samples of popular mobile applications. We used the study results to design and implement a prototype spoofing detection system, tailored to the estimation of deception rate for mobile application login screens.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
mobile security
Contact author(s)
luka malisa @ inf ethz ch
History
2017-01-09: last of 3 revisions
2015-07-18: received
Short URL
https://ia.cr/2015/709
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/709,
      author = {Luka Malisa and Kari Kostiainen and Srdjan Capkun},
      title = {Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception},
      howpublished = {Cryptology ePrint Archive, Paper 2015/709},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/709}},
      url = {https://eprint.iacr.org/2015/709}
}