Skip to main content
SpringerLink
Log in

Software Vulnerabilities Detection Using a Trace-Based Analysis Model

  • Conference paper
  • First Online:
Towards new e-Infrastructure and e-Services for Developing Countries (AFRICOMM 2022)

  • 182 Accesses

Abstract

Over the years, digital technology has grown considerably. With this growth, the information systems’ security has increasingly become a major concern. In this paper, we propose an analysis model based on application execution traces. This model makes it possible to improve the detection of vulnerabilities in applications. Indeed, after an evaluation of each of the tracing techniques we derived this model which takes into account these techniques and combines them with machine learning techniques. In this way, the applications undergo several analyses. This reduces the effect of evasion techniques used by hackers to circumvent the proposed solutions. We focused on Android applications because of their increasing popularity with a variety of services and features offered, making them a favourite target for hackers. These hackers use every means to exploit the slightest flaw in the applications. Unfortunately, the solutions proposed remain insufficient and sometimes ineffective in the face of their determination.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://www.brendangregg.com/blog/2014-05-11/strace-wow-much-syscall.html.

  2. 2.

    http://dtrace.org/blogs/about/.

  3. 3.

    https://developer.apple.com/library/mac/documentation/DeveloperTools/Conceptual/InstrumentsUserGuide/.

  4. 4.

    https://lttng.org.

  5. 5.

    https://www.gartner.com/en/information-technology/insights/top-technology-trends/top-technology-trends-ebook.

References

  1. Nguyen, K.D.T., Tuan, T.M., Le, S.H., Viet, A.P., Ogawa, M., Minh, N.L.: Comparison of three deep learning-based approaches for IoT malware detection. In: 10th International Conference on Knowledge and Systems Engineering (2018)

    Google Scholar 

  2. Dehkordy, D.T., Rasoolzadegan, A.: A new machine learning-based method for android malware detection on imbalanced dataset. Multimedia Tools Appl. 80(16), 24533–24554 (2021). https://doi.org/10.1007/s11042-021-10647-z

    Article  Google Scholar 

  3. Lin, G., Wen, S., Han, Q-L., Zhang, J., Xiang, Y.: Software vulnerability detection using deep neural networks: a survey. In: Proceedings of the IEEE (2020). https://doi.org/10.1109/JPROC.2020.2993293

  4. Dong, S., et al.: Understanding android obfuscation techniques: a large-scale investigation in the wild. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICST, vol. 254, pp. 172–192. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01701-9_10

    Chapter  Google Scholar 

  5. Garcia, J., Hammad, M., Malek, S.: Lightweight, obfuscation-resilient detection and family identification of android malware. ACM Trans. Softw. Eng. Meth. (TOSEM) (2018)

    Google Scholar 

  6. https://www.gartner.com/en/information-technology/insights/top-technology-trends/top-technology-trends-ebook

  7. Cueva, P.L., Bertaux, A., Termier, A., Méhaut, J.F., Santana, M.: Debugging embedded multimedia application traces through periodic pattern mining. In: Proceedings of the Tenth ACM International Conference on Embedded Software, EMSOFT 2012, pp. 13–22 (2012). https://doi.org/10.1145/2380356.2380366

  8. Koala, G., Bassolé, D., Zerbo/Sabané, A., Bissyandé, T.F., Sié, O.: Analysis of the impact of permissions on the vulnerability of mobile applications. In: International Conference on e-Infrastructure and e-Services for Developing Countries, AFRICOMM 2019, pp 3–14 (2019). https://doi.org/10.1007/978-3-030-41593-8_1

  9. Ghaffarian, S.M., Shahriari, H.R.: Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey. ACM Comput. Surv. 50(4), 1–36 (2017)

    Article  Google Scholar 

  10. Lei, T., Qin, Z., Wang, Z., Li, Q., Ye, D.: Evedroid: event-aware android malware detection against model degrading for IoT devices. IEEE Internet Things J. (2019). https://doi.org/10.1109/JIOT.2019.2909745

  11. Lebis, A.: Capitaliser les processus d’analyse de traces d’apprentissage : modélisation ontologique et assistance à la réutilisation", Thèse, Sorbonne Université (2020). https://tel.archives-ouvertes.fr/tel-02164400v2

  12. Galli, T., Chiclana, F., Siewe, F.: Quality properties of execution tracing, an empirical study. Appl. Syst. Innov. 4, 20 (2021). https://doi.org/10.3390/asi4010020

    Article  Google Scholar 

  13. Hojaji, F., Mayerhofer, T., Zamani, B., Hamou-Lhadj, A., Bousse, E.: Model execution tracing: a systematic mapping study. Softw. Syst. Model. 18(6), 3461–3485 (2019). https://doi.org/10.1007/s10270-019-00724-1

    Article  Google Scholar 

  14. Hassan, N.A., Hijazi, R.: Digital Privacy and Security Using Windows, CA Apress, Berkeley (2017). https://doi.org/10.1007/978-1-4842-2799-2

  15. Zhou, D., Yan, Z., Fu, Y., Yao, Z.: A survey on network data collection. J. Netw. Comput. Appl. 116, 9–23 (2018). https://doi.org/10.1016/j.jnca.2018.05.004

    Article  Google Scholar 

  16. Lazar, J., Feng, J.H., Hochheiser, H.: Chapter 12 - Automated Data Collection Methods. Research Methods in Human Computer Interaction, 2nd edition, Elsevier, Britain, pp 329–368 (2017). https://doi.org/10.1016/B978-0-12-805390-4.00012-1

  17. Gruber, F.: Performance debugging toolbox for binaries: sensitivity analysis and dependence profiling. pp 3–10 (2020). https://tel.archives-ouvertes.fr/tel-02908498

  18. Belkhiri, A.: Analyse de performances des réseaux programmables, à partir d’une trace d’exécution (2021). https://publications.polymtl.ca/9988/1/2021_AdelBelkhiri.pdf

  19. Venturi, H.: Le débogage de code optimisé dans le contexte des systèmes embarqués", pp. 13–40 (2008)

    Google Scholar 

  20. Iegorov, O.: Data mining approach to temporal debugging of embedded streaming applications, pp 89–95 (2018). https://tel.archives-ouvertes.fr/tel-01690719

  21. Bationo, Y.J.: Analyse de performance des plateformes infonuagiques, École Polytechnique de Montréal, pp. 19–28 (2016)

    Google Scholar 

  22. Reumont-Locke, F.: Méthodes efficaces de parallélisation de l’analyse de traces noyau (2015). https://publications.polymtl.ca/1899/1/2015_FabienReumontLocke.pdf

  23. Ravanello, A.: Modeling end user performance perspective for cloud computing systems using data center logs from big data technology. Thesis (2017)

    Google Scholar 

  24. Kouamé, K.G., Ezzati-Jivan, N., Dagenais, M.R.: A flexible datadriven approach for execution trace filtering. In: IEEE International Congress on Big Data (BigData Congress: New York, NY, USA (2015). https://doi.org/10.1109/bigdatacongress.2015.112

  25. Bationo, Y.J., Ezzati-Jivan, N., Dagenais, M.R.: Efficient cloud tracing: from very high level to very low level. In: IEEE International Conference on Consumer Electronics (ICCE 2018), Las Vegas, NV, USA (2018). https://doi.org/10.1109/icce.2018.8326353

  26. Ezzati-Jivan, N., Bastien, G., Dagenais, M.R.: High latency cause detection using multilevel dynamic analysis. In: Annual IEEE International Systems Conference SysCon: Vancouver. Canada (2018). https://doi.org/10.1109/syscon.2018.8369613

  27. Agrawal, P., Trivedi, B.: A survey on android malware and their detection techniques. In: IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT) (2019). https://doi.org/10.1109/ICECCT.2019.8868951

  28. Qamar, A., Karim, A., Chang, V.: Mobile malware attacks: review, taxonomy and future directions. Future Gener. Comput. Syst. 97, 887–909 (2019). https://doi.org/10.1016/j.future.2019.03.007

    Article  Google Scholar 

  29. Zhou, Q., Feng, F., Shen, Z., Zhou, R., Hsieh, M.-Y., Li, K.-C.: A novel approach for mobile malware classification and detection in Android systems. Multimedia Tools Appl. 78(3), 3529–3552 (2018). https://doi.org/10.1007/s11042-018-6498-z

    Article  Google Scholar 

  30. Sestili, C.D., Snavely, W.S., VanHoudnos, N.M.: Towards security defect prediction with AI (2018). arXiv:1808.09897. http://arxiv.org/abs/1808.09897

  31. Fernández, A., García, S., Galar, M., Prati, R.C., Krawczyk, B., Herrera, F.: Imbalanced classification for big data. In: Learning from Imbalanced Data Sets, pp. 327–349. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98074-4_13

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Laboratoire de Mathématiques et d’Informatique, Université Joseph Ki -Zerbo, Ouagadougou, Burkina Faso

    Gouayon Koala, Didier Bassole & Oumarou Sie

  2. Laboratoire d’Algèbre, de Mathématiques Discrètes et d’Informatique, Université Nazi Boni, Bobo-Dioulasso, Burkina Faso

    Telesphore Tiendrebeogo

Authors
  1. Gouayon Koala
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Didier Bassole
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Telesphore Tiendrebeogo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Oumarou Sie
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gouayon Koala .

Editor information

Editors and Affiliations

  1. Taif University, Ta'if, Saudi Arabia

    Rashid A. Saeed

  2. State University of Zanzibar, Zanzibar, Tanzania

    Abubakar D. Bakari

  3. State University of Zanzibar, Zanzibar, Tanzania

    Yahya Hamad Sheikh

Rights and permissions

Reprints and permissions

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Koala, G., Bassole, D., Tiendrebeogo, T., Sie, O. (2023). Software Vulnerabilities Detection Using a Trace-Based Analysis Model. In: Saeed, R.A., Bakari, A.D., Sheikh, Y.H. (eds) Towards new e-Infrastructure and e-Services for Developing Countries. AFRICOMM 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 499. Springer, Cham. https://doi.org/10.1007/978-3-031-34896-9_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-34896-9_27

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-34895-2

  • Online ISBN: 978-3-031-34896-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation