Mining apps for abnormal usage of sensitive data
作者: Siegfried Rasthofer , Eric Bodden , Steven Arzt , Andreas Zeller , Alessandra Gorla
关键词:
摘要: What is it that makes an app malicious? One important factor malicious apps treat sensitive data differently from benign apps. To capture such differences, we mined 2,866 Android applications for their flow sources, and compare these flows against those found in We find (a) every source, the ends up a small number of typical sinks; (b) sinks differ considerably between apps; (c) differences can be used to flag due abnormal flow; (d) identified by alone, without requiring known malware samples. In our evaluation, mudflow prototype correctly 86.4% all novel malware, 90.1% leaking data.
acm.org
tu-darmstadt.de
bodden.de 
utdallas.edu 参考文章(30)
Tao Xie, Rahul Pandita, William Enck, Xusheng Xiao, Wei Yang, WHYPER: towards automating risk assessment of mobile applications usenix security symposium. pp. 527- 542 ,(2013)
Clint Gibler, Jonathan Crussell, Jeremy Erickson, Hao Chen, AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale trust and trustworthy computing. pp. 291- 307 ,(2012) , 10.1007/978-3-642-30921-2_17
Ondrej Lhotak, Eric Bodden, Patrick Lam, Laurie Hendren, The Soot framework for Java program analysis: a retrospective ,(2011)
Pai-Hsuen Chen, Chih-Jen Lin, Bernhard Schölkopf, A tutorial on ν‐support vector machines Applied Stochastic Models in Business and Industry. ,vol. 21, pp. 111- 136 ,(2005) , 10.1002/ASMB.537
Damien Octeau, Siegfried Rasthofer, Yves Le Traon, Eric Bodden, Alexandre Bartel, Patrick D. McDaniel, Steven Arzt, Jacques Klein, Li Li, I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis arXiv: Software Engineering. ,(2014)
Ryan Stevens, Jonathan Ganz, Vladimir Filkov, Premkumar Devanbu, Hao Chen, Asking for (and about) permissions used by Android apps mining software repositories. pp. 31- 40 ,(2013) , 10.1109/MSR.2013.6624000
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Mark Harman, Yue Jia, Yuanyuan Zhang, App store mining and analysis: MSR for app stores mining software repositories. pp. 108- 111 ,(2012) , 10.5555/2664446.2664461
William Enck, Machigar Ongtang, Patrick McDaniel, On lightweight mobile phone application certification computer and communications security. pp. 235- 245 ,(2009) , 10.1145/1653662.1653691
Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna, Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications. network and distributed system security symposium. ,(2014) , 10.14722/NDSS.2014.23328