A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks

21st Annual Network and Distributed System Security Symposium, NDSS 2014

Volumn , Issue , 2014, Pages

  Rasthofer, Siegfried ^a   Arzt, Steven ^a   Bodden, Eric ^a  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); ARTIFICIAL INTELLIGENCE; CLASSIFICATION (OF INFORMATION); LEARNING SYSTEMS; MOBILE SECURITY; NETWORK SECURITY;

DYNAMIC ANALYSIS TOOLS; MACHINE LEARNING APPROACHES; MACHINE-LEARNING; SENSITIVE DATAS; SINK-IN; SMART PHONES; SOURCE AND SINK; STATIC AND DYNAMIC ANALYSIS; TRAINING SETS; USER DATA;

SENSITIVE DATA;

EID: 85179847964     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss/2014.23039     Document Type: Conference Paper

References (47)

1. J. Hoffmann, M. Ussath, M. Spreitzenbarth, and T. Holz, “Slicing Droids: Program Slicing for Smali Code,” in Proceedings of the 28th Symposium On Applied Computing, ACM, Ed., 2013, pp. 0–0.
2. L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang, “Chex: statically vetting android apps for component hijacking vulnerabilities,” in Proceedings of the 2012 ACM conference on Computer and communications security, ser. CCS’12. New York, NY, USA: ACM, 2012, pp. 229–240. [Online]. Available: http://doi.acm.org/10.1145/2382196.2382223
3. Z. Yang and M. Yang, “Leakminer: Detect information leakage on android with static taint analysis,” in Third World Congress on Software Engineering (WCSE 2012), 2012, pp. 101–104.
4. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of android application security,” in Proceedings of the 20th USENIX conference on Security, ser. SEC’11. Berkeley, CA, USA: USENIX Association, 2011, pp. 21–21. [Online]. Available: http://dl.acm.org/citation.cfm?id=2028067.2028088
5. A. P. Fuchs, A. Chaudhuri, and J. S. Foster, “Scandroid: Automated security certification of android applications,” Manuscript, Univ. of Maryland, http://www. cs. umd. edu/~ avik/projects/scandroidascaa, 2009.
6. J. Kim, Y. Yoon, K. Yi, and J. Shin, “ScanDal: Static analyzer for detecting privacy leaks in android applications,” in MoST 2012: Mobile Security Technologies 2012, H. Chen, L. Koved, and D. S. Wallach, Eds. Los Alamitos, CA, USA: IEEE, May 2012. [Online]. Available: http://ropas.snu.ac.kr/scandal/
7. C. Gibler, J. Crussell, J. Erickson, and H. Chen, “Androidleaks: automatically detecting potential privacy leaks in android applications on a large scale,” in Proceedings of the 5th international conference on Trust and Trustworthy Computing, ser. TRUST’12. Berlin, Heidelberg: Springer-Verlag, 2012, pp. 291–307. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-30921-2_17
8. L. Batyuk, M. Herpich, S. A. Camtepe, K. Raddatz, A.-D. Schmidt, and S. Albayrak, “Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within android applications,” in Proceedings of the 2011 6th International Conference on Malicious and Unwanted Software, ser. MALWARE ’11. Washington, DC, USA: IEEE Computer Society, 2011, pp. 66–72. [Online]. Available: http://dx.doi.org/10.1109/MALWARE.2011.6112328
9. C. Mann and A. Starostin, “A framework for static detection of privacy leaks in android applications,” in Proceedings of the 27th Annual ACM Symposium on Applied Computing, ser. SAC’12. New York, NY, USA: ACM, 2012, pp. 1457–1462. [Online]. Available: http://doi.acm.org/10.1145/2231936.2232009
10. Z. Zhao and F. C. C. Osorio, “”trustdroid;”: Preventing the use of smartphones for information leaking in corporate networks through the used of static analysis taint tracking,” in MALWARE, 2012, pp. 135–143.
11. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, “Analyzing inter-application communication in android,” in Proceedings of the 9th international conference on Mobile systems, applications, and services, ser. MobiSys’11. New York, NY, USA: ACM, 2011, pp. 239–252. [Online]. Available: http://doi.acm.org/10.1145/1999995.2000018
12. “Fortify 360 source code analyzer (sca),” Apr. 2013, http://www8.hp.com/us/en/softwaresolutions/software.html?compURI=1214365#.UW6CVKuAtfQ.
13. “Ibm rational appscan,” Apr. 2013, http://www01.ibm.com/software/de/rational/appscan/.
14. W. Enck, P. Gilbert, B. gon Chun, L. P. Cox, J. Jung, P. McDaniel, and A. Sheth, “Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones,” in OSDI, 2010, pp. 393–407.
15. R. Xu, H. Saïdi, and R. Anderson, “Aurasium: practical policy enforcement for android applications,” in Proceedings of the 21st USENIX conference on Security symposium, ser. Security’12. Berkeley, CA, USA: USENIX Association, 2012, pp. 27–27. [Online]. Available: http://dl.acm.org/citation.cfm?id=2362793.2362820
16. M. Backes, S. Gerling, C. Hammer, M. Maffei, and P. von Styp-Rekowsky, “Appguard: enforcing user requirements on android apps,” in Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems, ser. TACAS’13. Berlin, Heidelberg: Springer-Verlag, 2013, pp. 543–548. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-36742-7_39
17. J. Jeon, K. K. Micinski, J. A. Vaughan, A. Fogel, N. Reddy, J. S. Foster, and T. Millstein, “Dr. android and mr. hide: fine-grained permissions in android applications,” in Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, ser. SPSM ’12. New York, NY, USA: ACM, 2012, pp. 3–14. [Online]. Available: http://doi.acm.org/10.1145/2381934.2381938
18. “Google mirror api,” aug 2013, https://code.google.com/p/google-api-java-client/wiki/APIs#Google_Mirror_API.
19. “Google glass,” aug 2013, https://developers.google.com/glass/.
20. “Google cast,” aug 2013, https://developers.google.com/cast.
21. “Virus share,” aug 2013, http://virusshare.com/.
22. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: analyzing the android permission specification,” in Proceedings of the 2012 ACM conference on Computer and communications security, ser. CCS’12. New York, NY, USA: ACM, 2012, pp. 217–228. [Online]. Available: http://doi.acm.org/10.1145/2382196.2382222
23. A. Bartel, J. Klein, Y. Le Traon, and M. Monperrus, “Automatically securing permission-based software by reducing the attack surface: an application to android,” in Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, ser. ASE 2012. New York, NY, USA: ACM, 2012, pp. 274–277. [Online]. Available: http://doi.acm.org/10.1145/2351676.2351722
24. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystified,” in Proceedings of the 18th ACM conference on Computer and communications security, ser. CCS’11. New York, NY, USA: ACM, 2011, pp. 627–638. [Online]. Available: http://doi.acm.org/10.1145/2046707.2046779
25. J. C. Platt, “Advances in kernel methods,” B. Schölkopf, C. J. C. Burges, and A. J. Smola, Eds. Cambridge, MA, USA: MIT Press, 1999, ch. Fast training of support vector machines using sequential minimal optimization, pp. 185–208. [Online]. Available: http://dl.acm.org/citation.cfm?id=299094.299105
26. M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann, and I. H. Witten, “The weka data mining software: an update,” ACM SIGKDD Explorations Newsletter, vol. 11, no. 1, pp. 10–18, 2009.
27. J. R. Quinlan, C4.5: programs for machine learning. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 1993.
28. H. Zhang, “The Optimality of Naive Bayes.” in FLAIRS Conference, V. Barr and Z. Markov, Eds. AAAI Press, 2004. [Online]. Available: http://www.cs.unb.ca/profs/hzhang/publications/FLAIRS04ZhangH.pdf
29. P. Lam, E. Bodden, O. Lhoták, and L. Hendren, “The soot framework for java program analysis: a retrospective,” in Cetus Users and Compiler Infastructure Workshop (CETUS 2011), 2011.
30. R. Kohavi, “A study of cross-validation and bootstrap for accuracy estimation and model selection.” Morgan Kaufmann, 1995, pp. 1137–1143.
31. Y. Zhou and X. Jiang, “Dissecting android malware: Characterization and evolution,” in Proceedings of the 2012 IEEE Symposium on Security and Privacy, ser. SP’12. Washington, DC, USA: IEEE Computer Society, 2012, pp. 95–109. [Online]. Available: http://dx.doi.org/10.1109/SP.2012.16
32. M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi, “Unsafe exposure analysis of mobile in-app advertisements,” in Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, ser. WISEC’12. New York, NY, USA: ACM, 2012, pp. 101–112. [Online]. Available: http://doi.acm.org/10.1145/2185448.2185464
33. “The google maps geolocation api,” aug 2013, https://developers.google.com/maps/documentation/business/geolocation/.
34. “Android api differences report,” aug 2013, https://developer.android.com/sdk/api_diff/9/changes.html.
35. “Android api differences report,” aug 2013, https://developer.android.com/sdk/api_diff/17/changes.html.
36. “Android api differences report,” aug 2013, https://developer.android.com/sdk/api_diff/18/changes.html.
37. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystified,” in Proceedings of the 18th ACM conference on Computer and communications security, ser. CCS’11. New York, NY, USA: ACM, 2011, pp. 627–638. [Online]. Available: http://doi.acm.org/10.1145/2046707.2046779
38. “Scandroid,” apr 2013, https://github.com/SCanDroid.
39. “A study of android application security - fortify rules,” Apr. 2013, http://www.enck.org/tools/fsca_rules-final.xml.
40. “cyanogenmod,” Apr. 2013, http://www.cyanogenmod.org/.
41. C. Fritz, S. Arzt, S. Rasthofer, and E. Bodden, “Flowdroid: Precise context-, flow-, object-sensitive and lifecycle-aware taint analysis for android apps,” in Submitted to ACM CCS 2013.
42. B. Livshits, A. V. Nori, S. K. Rajamani, and A. Banerjee, “Merlin: Specification inference for explicit information flow problems,” SIGPLAN Not., vol. 44, no. 6, pp. 75–86, Jun. 2009. [Online]. Available: http://doi.acm.org/10.1145/1543135.1542485
43. K.-M. Schneider, “A comparison of event models for naive bayes anti-spam e-mail filtering,” in Proceedings of the tenth conference on European chapter of the Association for Computational Linguistics - Volume 1, ser. EACL’03. Stroudsburg, PA, USA: Association for Computational Linguistics, 2003, pp. 307–314. [Online]. Available: http://dx.doi.org/10.3115/1067807.1067848
44. A. A. Sebyala, T. Olukemi, L. Sacks, and D. L. Sacks, “Active platform security through intrusion detection using naive bayesian network for anomaly detection,” in In: Proceedings of London communications symposium, 2002.
45. B. P. Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, and I. Molloy, “Android permissions: a perspective combining risks and benefits,” in Proceedings of the 17th ACM symposium on Access Control Models and Technologies, ser. SACMAT’12. New York, NY, USA: ACM, 2012, pp. 13–22. [Online]. Available: http://doi.acm.org/10.1145/2295136.2295141
46. H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy, “Using probabilistic generative models for ranking risks of android apps,” in Proceedings of the 2012 ACM conference on Computer and communications security, ser. CCS’12. New York, NY, USA: ACM, 2012, pp. 241–252. [Online]. Available: http://doi.acm.org/10.1145/2382196.2382224
47. S. Chakradeo, B. Reaves, P. Traynor, and W. Enck, “Mast: triage for market-scale mobile malware analysis,” in Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks, ser. WiSec’13. New York, NY, USA: ACM, 2013, pp. 13–24. [Online]. Available: http://doi.acm.org/10.1145/2462096.2462100