TY - GEN
T1 - You can promote, but you can't hide
T2 - 32nd Annual Computer Security Applications Conference, ACSAC 2016
AU - Xie, Zhen
AU - Zhu, Sencun
AU - Li, Qing
AU - Wang, Wenjing
PY - 2016/12/5
Y1 - 2016/12/5
N2 - Instead of improving their apps' quality, some developers hire a group of users (called collusive attackers) to post positive ratings and reviews irrespective of the actual app quality. In this work, we aim to expose the apps whose ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such communities in an app store. Our system was implemented and initially run against Apple App Store of China on July 17, 2013. In 33 hours, our system examined 2, 188 apps, with the information of millions of reviews and reviewers downloaded on the fly. It reported 108 abused apps, among which 104 apps were confirmed to be abused. In a later time, we ran our tool against Apple App Stores of China, United Kingdom, and United States in a much larger scale. The evaluation results show that among the apps examined by our tool, abused apps account for 0.94%, 0.92%, and 0.57% out of all the analyzed apps, respectively in June 2013. In our latest checking on Oct. 15, 2015, these ratios decrease to 0.44%, 0.70%, and 0.42%, respectively. Our algorithm can greatly narrow down the suspect list from all apps (e.g., below 1% as shown in our paper). App store vendors may then use other information to do further verification.
AB - Instead of improving their apps' quality, some developers hire a group of users (called collusive attackers) to post positive ratings and reviews irrespective of the actual app quality. In this work, we aim to expose the apps whose ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such communities in an app store. Our system was implemented and initially run against Apple App Store of China on July 17, 2013. In 33 hours, our system examined 2, 188 apps, with the information of millions of reviews and reviewers downloaded on the fly. It reported 108 abused apps, among which 104 apps were confirmed to be abused. In a later time, we ran our tool against Apple App Stores of China, United Kingdom, and United States in a much larger scale. The evaluation results show that among the apps examined by our tool, abused apps account for 0.94%, 0.92%, and 0.57% out of all the analyzed apps, respectively in June 2013. In our latest checking on Oct. 15, 2015, these ratios decrease to 0.44%, 0.70%, and 0.42%, respectively. Our algorithm can greatly narrow down the suspect list from all apps (e.g., below 1% as shown in our paper). App store vendors may then use other information to do further verification.
UR - http://www.scopus.com/inward/record.url?scp=85007583350&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85007583350&partnerID=8YFLogxK
U2 - 10.1145/2991079.2991099
DO - 10.1145/2991079.2991099
M3 - Conference contribution
AN - SCOPUS:85007583350
T3 - ACM International Conference Proceeding Series
SP - 374
EP - 385
BT - Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016
PB - Association for Computing Machinery
Y2 - 5 December 2016 through 9 December 2016
ER -