ABSTRACT
How do we know a program does what it claims to do? After clustering Android apps by their description topics, we identify outliers in each cluster with respect to their API usage. A "weather" app that sends messages thus becomes an anomaly; likewise, a "messaging" app would typically not be expected to access the current location. Applied to a set of 22,500+ Android applications, our CHABADA prototype identified several anomalies; additionally, it flagged 56% of novel malware as such, without requiring any known malware patterns.
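The two-stage idea in the abstract (cluster apps by what their descriptions say, then flag apps whose API usage is unusual for their cluster) can be reproduced in miniature. The following is an added example written for this page, not CHABADA's own code: the app names, descriptions and API sets are constructed, a tf-idf cosine k-means stands in for the paper's LDA topic clustering, and a per-cluster API-rarity score stands in for its one-class SVM. It shows why a "weather" app calling `sendTextMessage` and a "messaging" app calling `getLastKnownLocation` surface as outliers while the same calls are unremarkable in the other cluster.

```python
"""Toy CHABADA-style pipeline (added illustration, not the paper's implementation).

Assumed stand-ins: tf-idf + cosine k-means instead of LDA topics, and
per-cluster API rarity instead of a one-class SVM. All data is constructed.
"""
import math
from collections import Counter, defaultdict

# Constructed sample: (app name, store description, sensitive APIs found in its code)
APPS = [
    ("SunnyDay",   "weather forecast temperature rain radar",   {"getLastKnownLocation", "openConnection"}),
    ("CloudCast",  "weather forecast clouds temperature radar", {"getLastKnownLocation", "openConnection"}),
    ("StormAlert", "weather storm forecast rain alerts",        {"getLastKnownLocation", "openConnection", "sendTextMessage"}),
    ("ChatNow",    "chat messaging friends send message",       {"sendTextMessage", "openConnection"}),
    ("QuickText",  "messaging text chat contacts message",      {"sendTextMessage", "openConnection"}),
    ("TalkBox",    "chat message friends messaging",            {"sendTextMessage", "openConnection", "getLastKnownLocation"}),
]


def tfidf_vectors(descriptions):
    """One sparse tf-idf vector (dict word -> weight) per description."""
    docs = [d.lower().split() for d in descriptions]
    df = Counter(w for doc in docs for w in set(doc))
    n = len(docs)
    vectors = []
    for doc in docs:
        tf = Counter(doc)
        # smoothed idf keeps words that occur in every document at a positive weight
        vectors.append({w: (c / len(doc)) * (math.log((1 + n) / (1 + df[w])) + 1.0)
                        for w, c in tf.items()})
    return vectors


def cosine(a, b):
    dot = sum(x * b.get(w, 0.0) for w, x in a.items())
    na = math.sqrt(sum(x * x for x in a.values()))
    nb = math.sqrt(sum(x * x for x in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def kmeans(vectors, k, rounds=10):
    """Deterministic cosine k-means: seed with doc 0, then the doc farthest from all seeds."""
    centroids = [dict(vectors[0])]
    while len(centroids) < k:
        far = max(range(len(vectors)),
                  key=lambda i: min(1.0 - cosine(vectors[i], c) for c in centroids))
        centroids.append(dict(vectors[far]))
    labels = [0] * len(vectors)
    for _ in range(rounds):
        labels = [max(range(k), key=lambda j: cosine(v, centroids[j])) for v in vectors]
        for j in range(k):
            members = [vectors[i] for i, lab in enumerate(labels) if lab == j]
            if members:
                acc = defaultdict(float)
                for m in members:
                    for w, x in m.items():
                        acc[w] += x / len(members)
                centroids[j] = dict(acc)
    return labels


def api_outliers(apps, labels, rare_below=0.5):
    """For each app: (anomaly score, APIs used by fewer than `rare_below` of its cluster).

    Score is the summed surprise -log(fraction of cluster-mates using the API) over the
    rare APIs, so an app whose APIs all match its cluster scores 0. The app itself counts
    toward the fraction, which matters for tiny clusters like the constructed ones here.
    """
    clusters = defaultdict(list)
    for (name, _, apis), label in zip(apps, labels):
        clusters[label].append((name, apis))
    report = {}
    for members in clusters.values():
        usage = Counter(api for _, apis in members for api in apis)
        size = len(members)
        for name, apis in members:
            rare = sorted(api for api in apis if usage[api] / size < rare_below)
            score = sum((-math.log(usage[api] / size) for api in rare), 0.0)
            report[name] = (round(score, 3), rare)
    return report


def run(apps=APPS, k=2):
    labels = kmeans(tfidf_vectors([desc for _, desc, _ in apps]), k)
    return labels, api_outliers(apps, labels)


if __name__ == "__main__":
    labels, report = run()
    for (name, desc, _), label in zip(APPS, labels):
        print(f"cluster {label}  {name:<10} {desc}")
    for name, (score, rare) in report.items():
        if rare:
            print(f"OUTLIER {name}: score={score} unexpected APIs={rare}")
```

Running it places the three weather apps in one cluster and the three chat apps in the other; `StormAlert` is reported with `sendTextMessage` as unexpected and `TalkBox` with `getLastKnownLocation`, while every other app scores 0. The same API that is an anomaly in one cluster is the norm in the other, which is exactly why the paper clusters before looking at API usage rather than scoring APIs globally. With only three apps per cluster the rarity threshold is crude; the paper's scale (22,500+ apps) is what lets a one-class model draw a meaningful boundary.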
Index Terms
- Checking app behavior against app descriptions