Abstract
Over the years, digital technology has grown considerably. With this growth, the information systems’ security has increasingly become a major concern. In this paper, we propose an analysis model based on application execution traces. This model makes it possible to improve the detection of vulnerabilities in applications. Indeed, after an evaluation of each of the tracing techniques we derived this model which takes into account these techniques and combines them with machine learning techniques. In this way, the applications undergo several analyses. This reduces the effect of evasion techniques used by hackers to circumvent the proposed solutions. We focused on Android applications because of their increasing popularity with a variety of services and features offered, making them a favourite target for hackers. These hackers use every means to exploit the slightest flaw in the applications. Unfortunately, the solutions proposed remain insufficient and sometimes ineffective in the face of their determination.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
References
Nguyen, K.D.T., Tuan, T.M., Le, S.H., Viet, A.P., Ogawa, M., Minh, N.L.: Comparison of three deep learning-based approaches for IoT malware detection. In: 10th International Conference on Knowledge and Systems Engineering (2018)
Dehkordy, D.T., Rasoolzadegan, A.: A new machine learning-based method for android malware detection on imbalanced dataset. Multimedia Tools Appl. 80(16), 24533–24554 (2021). https://doi.org/10.1007/s11042-021-10647-z
Lin, G., Wen, S., Han, Q-L., Zhang, J., Xiang, Y.: Software vulnerability detection using deep neural networks: a survey. In: Proceedings of the IEEE (2020). https://doi.org/10.1109/JPROC.2020.2993293
Dong, S., et al.: Understanding android obfuscation techniques: a large-scale investigation in the wild. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICST, vol. 254, pp. 172–192. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01701-9_10
Garcia, J., Hammad, M., Malek, S.: Lightweight, obfuscation-resilient detection and family identification of android malware. ACM Trans. Softw. Eng. Meth. (TOSEM) (2018)
Cueva, P.L., Bertaux, A., Termier, A., Méhaut, J.F., Santana, M.: Debugging embedded multimedia application traces through periodic pattern mining. In: Proceedings of the Tenth ACM International Conference on Embedded Software, EMSOFT 2012, pp. 13–22 (2012). https://doi.org/10.1145/2380356.2380366
Koala, G., Bassolé, D., Zerbo/Sabané, A., Bissyandé, T.F., Sié, O.: Analysis of the impact of permissions on the vulnerability of mobile applications. In: International Conference on e-Infrastructure and e-Services for Developing Countries, AFRICOMM 2019, pp 3–14 (2019). https://doi.org/10.1007/978-3-030-41593-8_1
Ghaffarian, S.M., Shahriari, H.R.: Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey. ACM Comput. Surv. 50(4), 1–36 (2017)
Lei, T., Qin, Z., Wang, Z., Li, Q., Ye, D.: Evedroid: event-aware android malware detection against model degrading for IoT devices. IEEE Internet Things J. (2019). https://doi.org/10.1109/JIOT.2019.2909745
Lebis, A.: Capitaliser les processus d’analyse de traces d’apprentissage : modélisation ontologique et assistance à la réutilisation", Thèse, Sorbonne Université (2020). https://tel.archives-ouvertes.fr/tel-02164400v2
Galli, T., Chiclana, F., Siewe, F.: Quality properties of execution tracing, an empirical study. Appl. Syst. Innov. 4, 20 (2021). https://doi.org/10.3390/asi4010020
Hojaji, F., Mayerhofer, T., Zamani, B., Hamou-Lhadj, A., Bousse, E.: Model execution tracing: a systematic mapping study. Softw. Syst. Model. 18(6), 3461–3485 (2019). https://doi.org/10.1007/s10270-019-00724-1
Hassan, N.A., Hijazi, R.: Digital Privacy and Security Using Windows, CA Apress, Berkeley (2017). https://doi.org/10.1007/978-1-4842-2799-2
Zhou, D., Yan, Z., Fu, Y., Yao, Z.: A survey on network data collection. J. Netw. Comput. Appl. 116, 9–23 (2018). https://doi.org/10.1016/j.jnca.2018.05.004
Lazar, J., Feng, J.H., Hochheiser, H.: Chapter 12 - Automated Data Collection Methods. Research Methods in Human Computer Interaction, 2nd edition, Elsevier, Britain, pp 329–368 (2017). https://doi.org/10.1016/B978-0-12-805390-4.00012-1
Gruber, F.: Performance debugging toolbox for binaries: sensitivity analysis and dependence profiling. pp 3–10 (2020). https://tel.archives-ouvertes.fr/tel-02908498
Belkhiri, A.: Analyse de performances des réseaux programmables, à partir d’une trace d’exécution (2021). https://publications.polymtl.ca/9988/1/2021_AdelBelkhiri.pdf
Venturi, H.: Le débogage de code optimisé dans le contexte des systèmes embarqués", pp. 13–40 (2008)
Iegorov, O.: Data mining approach to temporal debugging of embedded streaming applications, pp 89–95 (2018). https://tel.archives-ouvertes.fr/tel-01690719
Bationo, Y.J.: Analyse de performance des plateformes infonuagiques, École Polytechnique de Montréal, pp. 19–28 (2016)
Reumont-Locke, F.: Méthodes efficaces de parallélisation de l’analyse de traces noyau (2015). https://publications.polymtl.ca/1899/1/2015_FabienReumontLocke.pdf
Ravanello, A.: Modeling end user performance perspective for cloud computing systems using data center logs from big data technology. Thesis (2017)
Kouamé, K.G., Ezzati-Jivan, N., Dagenais, M.R.: A flexible datadriven approach for execution trace filtering. In: IEEE International Congress on Big Data (BigData Congress: New York, NY, USA (2015). https://doi.org/10.1109/bigdatacongress.2015.112
Bationo, Y.J., Ezzati-Jivan, N., Dagenais, M.R.: Efficient cloud tracing: from very high level to very low level. In: IEEE International Conference on Consumer Electronics (ICCE 2018), Las Vegas, NV, USA (2018). https://doi.org/10.1109/icce.2018.8326353
Ezzati-Jivan, N., Bastien, G., Dagenais, M.R.: High latency cause detection using multilevel dynamic analysis. In: Annual IEEE International Systems Conference SysCon: Vancouver. Canada (2018). https://doi.org/10.1109/syscon.2018.8369613
Agrawal, P., Trivedi, B.: A survey on android malware and their detection techniques. In: IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT) (2019). https://doi.org/10.1109/ICECCT.2019.8868951
Qamar, A., Karim, A., Chang, V.: Mobile malware attacks: review, taxonomy and future directions. Future Gener. Comput. Syst. 97, 887–909 (2019). https://doi.org/10.1016/j.future.2019.03.007
Zhou, Q., Feng, F., Shen, Z., Zhou, R., Hsieh, M.-Y., Li, K.-C.: A novel approach for mobile malware classification and detection in Android systems. Multimedia Tools Appl. 78(3), 3529–3552 (2018). https://doi.org/10.1007/s11042-018-6498-z
Sestili, C.D., Snavely, W.S., VanHoudnos, N.M.: Towards security defect prediction with AI (2018). arXiv:1808.09897. http://arxiv.org/abs/1808.09897
Fernández, A., García, S., Galar, M., Prati, R.C., Krawczyk, B., Herrera, F.: Imbalanced classification for big data. In: Learning from Imbalanced Data Sets, pp. 327–349. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98074-4_13
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Koala, G., Bassole, D., Tiendrebeogo, T., Sie, O. (2023). Software Vulnerabilities Detection Using a Trace-Based Analysis Model. In: Saeed, R.A., Bakari, A.D., Sheikh, Y.H. (eds) Towards new e-Infrastructure and e-Services for Developing Countries. AFRICOMM 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 499. Springer, Cham. https://doi.org/10.1007/978-3-031-34896-9_27
Download citation
DOI: https://doi.org/10.1007/978-3-031-34896-9_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-34895-2
Online ISBN: 978-3-031-34896-9
eBook Packages: Computer ScienceComputer Science (R0)