[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/2568225.2568276acmconferencesArticle/Chapter ViewAbstractPublication PagesicseConference Proceedingsconference-collections
research-article

Checking app behavior against app descriptions

Published: 31 May 2014 Publication History

Abstract

How do we know a program does what it claims to do? After clustering Android apps by their description topics, we identify outliers in each cluster with respect to their API usage. A "weather" app that sends messages thus becomes an anomaly; likewise, a "messaging" app would typically not be expected to access the current location. Applied on a set of 22,500+ Android applications, our CHABADA prototype identified several anomalies; additionally, it flagged 56% of novel malware as such, without requiring any known malware patterns.

References

[1]
D. Amalfitano, A. R. Fasolino, P. Tramontana, S. De Carmine, and A. M. Memon. Using GUI ripping for automated testing of Android applications. In IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 258–261, New York, NY, USA, 2012. ACM.
[2]
K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie. PScout: analyzing the Android permission specification. In ACM Conference on Computer and Communications Security (CCS), pages 217–228, New York, NY, USA, 2012. ACM.
[3]
A. Bartel, J. Klein, M. Monperrus, and Y. Le Traon. Automatically securing permission-based software by reducing the attack surface: An application to Android. In IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 274–277, 2012.
[4]
D. M. Blei, A. Y. Ng, and M. I. Jordan. Latent Dirichlet allocation. Journal of Machine Learning Research, 3:993–1022, 2003.
[5]
E. Bodden, A. Sewe, J. Sinschek, H. Oueslati, and M. Mezini. Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders. In ACM/IEEE International Conference on Software Engineering (ICSE), pages 241–250, New York, NY, USA, 2011. ACM.
[6]
W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In USENIX conference on Operating Systems Design and Implementation (OSDI), pages 1–6, Berkeley, CA, USA, 2010. USENIX Association.
[7]
A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In ACM Conference on Computer and Communications Security (CCS), pages 627–638, New York, NY, USA, 2011. ACM.
[8]
C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein, Y. le Traon, D. Octeau, and P. McDaniel. Highly precise taint analysis for Android applications. Technical Report TUD-CS-2013-0113, EC SPRIDE, 2013.
[9]
M. Harman, Y. Jia, and Y. Zhang. App store mining and analysis: MSR for app stores. In IEEE Working Conference on Mining Software Repositories (MSR), pages 108–111, 2012.
[10]
K. A. Heller, K. M. Svore, A. D. Keromytis, and S. J. Stolfo. One class support vector machines for detecting anomalous windows registry accesses. In ICDM Workshop on Data Mining for Computer Security (DMSEC), 2003.
[11]
E. W. Høst and B. M. Østvold. Debugging method names. In European Conference on Object-Oriented Programming (ECOOP), pages 294–317. Springer, 2009.
[12]
C. Hu and I. Neamtiu. Automating GUI testing for Android applications. In International Workshop on Automation of Software Test (AST), pages 77–83, New York, NY, USA, 2011. ACM.
[13]
K. S. Jones. A statistical interpretation of term specificity and its application in retrieval. Journal of Documentation, 28(1):11–21, 1972.
[14]
J. Lin, S. Amini, J. I. Hong, N. Sadeh, J. Lindqvist, and J. Zhang. Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In ACM Conference on Ubiquitous Computing (UbiComp), pages 501–510, New York, NY, USA, 2012. ACM.
[15]
A. Machiry, R. Tahiliani, and M. Naik. Dynodroid: an input generation system for Android apps. In European Software Engineering Conference held jointly with ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE), pages 224–234, New York, NY, USA, 2013. ACM.
[16]
J. B. MacQueen. Some methods for classification and analysis of multivariate observations. In L. M. L. Cam and J. Neyman, editors, Berkeley Symposium on Mathematical Statistics and Probability, volume 1, pages 281–297. University of California Press, 1967.
[17]
L. M. Manevitz and M. Yousef. One-class SVMs for document classification. Journal of Machine Learning Research, 2:139–154, 2002.
[18]
A. K. McCallum. Mallet: A machine learning for language toolkit. http://mallet.cs.umass.edu, 2002.
[19]
R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie. WHYPER: Towards automating risk assessment of mobile applications. In USENIX Security Symposium, pages 527–542, 2013.
[20]
R. Pandita, X. Xiao, H. Zhong, T. Xie, S. Oney, and A. Paradkar. Inferring method specifications from natural language API descriptions. In ACM/IEEE International Conference on Software Engineering (ICSE), 2012.
[21]
P. Rousseeuw. Silhouettes: a graphical aid to the interpretation and validation of cluster analysis. Journal of Computational and Applied Mathematics, 20(1):53–65, 1987.
[22]
B. Schölkopf, J. C. Platt, J. C. Shawe-Taylor, A. J. Smola, and R. C. Williamson. Estimating the support of a high-dimensional distribution. Neural Computation, 13(7):1443–1471, 2001.
[23]
R. Stevens, J. Ganz, P. Devanbu, H. Chen, and V. Filkov. Asking for (and about) permissions used by Android apps. In IEEE Working Conference on Mining Software Repositories (MSR), pages 31–40, San Francisco, CA, 2013.
[24]
L. Tan, D. Yuan, G. Krishna, and Y. Zhou. /* iComment: Bugs or bad comments? */. In ACM SIGOPS Symposium on Operating Systems Principles (SOSP), pages 145–158, 2007.
[25]
A. Wasylkowski, A. Zeller, and C. Lindig. Detecting object usage anomalies. In European Software Engineering Conference held jointly with ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE), pages 35–44, New York, NY, 2007. ACM.
[26]
X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos. ProfileDroid: multi-layer profiling of Android applications. In ACM Annual International Conference on Mobile Computing and networking (MobiCom), pages 137–148, New York, NY, USA, 2012. ACM.
[27]
W. Yang, M. R. Prasad, and T. Xie. A grey-box approach for automated GUI-model generation of mobile applications. In International Conference on Fundamental Approaches to Software Engineering (FASE), pages 250–265, Berlin, Heidelberg, 2013. Springer-Verlag.
[28]
Y. Zhou and X. Jiang. Dissecting Android malware: Characterization and evolution. In IEEE Symposium on Security and Privacy (SP), pages 95–109, Washington, DC, USA, 2012. IEEE Computer Society.

Cited By

View all
  • (2024)Evaluating privacy perceptions, experience, and behavior of software development teamsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696905(101-120)Online publication date: 12-Aug-2024
  • (2024)Property-Based Testing for Validating User Privacy-Related Functionalities in Social Media AppsCompanion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering10.1145/3663529.3663863(440-451)Online publication date: 10-Jul-2024
  • (2024)AndroZoo: A Retrospective with a Glimpse into the FutureProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644863(389-393)Online publication date: 15-Apr-2024
  • Show More Cited By

Index Terms

  1. Checking app behavior against app descriptions

    Recommendations

    Comments

    Please enable JavaScript to view thecomments powered by Disqus.

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    ICSE 2014: Proceedings of the 36th International Conference on Software Engineering
    May 2014
    1139 pages
    ISBN:9781450327565
    DOI:10.1145/2568225
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    In-Cooperation

    • TCSE: IEEE Computer Society's Tech. Council on Software Engin.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 31 May 2014

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Android
    2. clustering
    3. description analysis
    4. malware detection

    Qualifiers

    • Research-article

    Conference

    ICSE '14
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 276 of 1,856 submissions, 15%

    Upcoming Conference

    ICSE 2025

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)79
    • Downloads (Last 6 weeks)6
    Reflects downloads up to 09 Jan 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Evaluating privacy perceptions, experience, and behavior of software development teamsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696905(101-120)Online publication date: 12-Aug-2024
    • (2024)Property-Based Testing for Validating User Privacy-Related Functionalities in Social Media AppsCompanion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering10.1145/3663529.3663863(440-451)Online publication date: 10-Jul-2024
    • (2024)AndroZoo: A Retrospective with a Glimpse into the FutureProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644863(389-393)Online publication date: 15-Apr-2024
    • (2024)No Source Code? No Problem! Demystifying and Detecting Mask Apps in iOSProceedings of the 32nd IEEE/ACM International Conference on Program Comprehension10.1145/3643916.3644419(358-369)Online publication date: 15-Apr-2024
    • (2024)Are Your Requests Your True Needs? Checking Excessive Data Collection in VPA AppProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639107(1-12)Online publication date: 20-May-2024
    • (2024)DocFlow: Extracting Taint Specifications from Software DocumentationProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623312(1-12)Online publication date: 20-May-2024
    • (2024)Do as You Say: Consistency Detection of Data Practice in Program Code and Privacy Policy in Mini-AppIEEE Transactions on Software Engineering10.1109/TSE.2024.3479288(1-23)Online publication date: 2024
    • (2024)Improving Logic Bomb Identification in Android Apps via Context-Aware Anomaly DetectionIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3358979(1-18)Online publication date: 2024
    • (2024)Essential or Excessive? MINDAEXT: Measuring Data Minimization Practices among Browser Extensions2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER60148.2024.00104(964-975)Online publication date: 12-Mar-2024
    • (2023)Assessing Security, Privacy, User Interaction, and Accessibility Features in Popular E-Payment ApplicationsProceedings of the 2023 European Symposium on Usable Security10.1145/3617072.3617102(143-157)Online publication date: 16-Oct-2023
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media