Privacy Petri Net and Privacy Leak Software

  • Regular Paper
Journal of Computer Science and Technology

Abstract

Private information leak behavior has been widely discovered in malware and suspicious applications. We refer to such software as privacy leak software (PLS). Nowadays, PLS has become a serious and challenging problem for cyber security. Previous methodologies fall into two categories: one focuses on the outbound network traffic of the applications; the other examines the information flow inside the applications. We present an abstract model called Privacy Petri Net (PPN), which is more applicable to various applications and more intuitive and vivid to users. We apply our approach to both malware and suspicious applications in the real world. The experimental results show that our approach can effectively find the categories, content, procedure, destination and severity of the private information leaks for the target software.

Author information

Correspondence to Yuan-Zhuo Wang.

Additional information

This work is supported by the National Natural Science Foundation of China under Grant Nos. 61402124, 61402022, 61173008, 60933005, and 61572469, the National Key Technology Research and Development Program of China under Grant No. 2012BAH39B02, the 242 Projects of China under Grant No. 2011F45, and Beijing Nova Program under Grant No. Z121101002512063.

About this article

Cite this article

Fan, LJ., Wang, YZ., Li, JY. et al. Privacy Petri Net and Privacy Leak Software. J. Comput. Sci. Technol. 30, 1318–1343 (2015). https://doi.org/10.1007/s11390-015-1601-7

  • DOI: https://doi.org/10.1007/s11390-015-1601-7
