References of "Bissyande, Tegawendé François D Assise 50000802"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailAn Investigation into the Use of Common Libraries in Android Apps
Li, Li UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

in The 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016) (2016, March)

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not ... [more ▼]

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not part of the functionality delivered by the app. Such code is often contributed by the common libraries which are used pervasively by all apps. Unfortunately, Android analyses, e.g., for piggybacking detection and malware detection, can produce inaccurate results if they do not take into account the case of library code, which constitute noise in app features. Despite some efforts on investigating Android libraries, the momentum of Android research has not yet produced a complete set of common libraries to further support in-depth analysis of Android apps. In this paper, we leverage a dataset of about 1.5 million apps from Google Play to harvest potential common libraries, including advertisement libraries. With several steps of refinements, we finally collect by far the largest set of 1,113 libraries supporting common functionality and 240 libraries for advertisement. We use the dataset to investigates several aspects of Android libraries, including their popularity and their proportion in Android app code. Based on these datasets, we have further performed several empirical investigations to confirm the motivations behind our work. [less ▲]

Detailed reference viewed: 177 (10 UL)
Full Text
Peer Reviewed
See detailParameter Values of Android APIs: A Preliminary Study on 100,000 Apps
Li, Li UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

in The 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016) (2016, March)

Parameter values are important elements for un- derstanding how Application Programming Interfaces (APIs) are used in practice. In the context of Android, a few number of API methods are used pervasively ... [more ▼]

Parameter values are important elements for un- derstanding how Application Programming Interfaces (APIs) are used in practice. In the context of Android, a few number of API methods are used pervasively by millions of apps, where these API methods provide app core functionality. In this paper, we present preliminary insights from ParamHarver, a purely static analysis approach for automatically extracting parameter values from Android apps. Investigations on 100,000 apps illustrate how an in-depth study of parameter values can be leveraged in various scenarios (e.g., to recommend relevant parameter values, or even, to some extent, to identify malicious apps). [less ▲]

Detailed reference viewed: 200 (6 UL)
Full Text
Peer Reviewed
See detailProfiling household appliance electricity usage with n-gram language modeling
Li, Daoyuan UL; Bissyande, Tegawendé François D Assise UL; Kubler, Sylvain UL et al

in The 2016 IEEE International Conference on Industrial Technology (ICIT 2016) (2016, March)

Detailed reference viewed: 237 (38 UL)
Full Text
Peer Reviewed
See detailOn the Lack of Consensus in Anti-Virus Decisions: Metrics and Insights on Building Ground Truths of Android Malware
Hurier, Médéric UL; Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL et al

in Detection of Intrusions and Malware, and Vulnerability Assessment - 13th International Conference (2016)

There is generally a lack of consensus in Antivirus (AV) engines' decisions on a given sample. This challenges the building of authoritative ground-truth datasets. Instead, researchers and practitioners ... [more ▼]

There is generally a lack of consensus in Antivirus (AV) engines' decisions on a given sample. This challenges the building of authoritative ground-truth datasets. Instead, researchers and practitioners may rely on unvalidated approaches to build their ground truth, e.g., by considering decisions from a selected set of Antivirus vendors or by setting up a threshold number of positive detections before classifying a sample. Both approaches are biased as they implicitly either decide on ranking AV products, or they consider that all AV decisions have equal weights. In this paper, we extensively investigate the lack of agreement among AV engines. To that end, we propose a set of metrics that quantitatively describe the different dimensions of this lack of consensus. We show how our metrics can bring important insights by using the detection results of 66 AV products on 2 million Android apps as a case study. Our analysis focuses not only on AV binary decision but also on the notoriously hard problem of labels that AVs associate with suspicious files, and allows to highlight biases hidden in the collection of a malware ground truth---a foundation stone of any machine learning-based malware detection approach. [less ▲]

Detailed reference viewed: 389 (25 UL)
Full Text
Peer Reviewed
See detailName Suggestions during Feature Identification: The VariClouds Approach
Martinez, Jabier UL; Ziadi, Tewfik; Bissyande, Tegawendé François D Assise UL et al

in 20th International Systems and Software Product Line Conference (SPLC 2016) proceedings (2016)

Detailed reference viewed: 109 (5 UL)
Full Text
Peer Reviewed
See detailFeature Location Benchmark for Software Families using Eclipse Community Releases
Martinez, Jabier UL; Ziadi, Tewfik; Papadakis, Mike UL et al

in Software Reuse: Bridging with Social-Awareness, ICSR 2016 Proceedings (2016)

Detailed reference viewed: 151 (11 UL)
Full Text
Peer Reviewed
See detailMining Families of Android Applications for Extractive SPL Adoption
Li, Li UL; Martinez, Jabier UL; Ziadi, Tewfik et al

in The 20th International Systems and Software Product Line Conference (SPLC 2016) (2016)

The myriads of smart phones around the globe gave rise to a vast proliferation of mobile applications. These applications target an increasing number of user profiles and tasks. In this context, Android ... [more ▼]

The myriads of smart phones around the globe gave rise to a vast proliferation of mobile applications. These applications target an increasing number of user profiles and tasks. In this context, Android is a leading technology for their development and on-line markets are the main means for their distribution. In this paper we motivate, from two perspectives, the mining of these markets with the objective to identify families of apps variants in the wild. The first perspective is related to research activities where building realistic case studies for evaluating extractive SPL adoption techniques are needed. The second is related to a large- scale, world-wide and time-aware study of reuse practice in an industry which is now flourishing among all others within the software engineering community. This study is relevant to assess potential for SPLE practices adoption. We present initial implementations of the mining process and we discuss analyses of variant families. [less ▲]

Detailed reference viewed: 216 (14 UL)
Full Text
Peer Reviewed
See detailTowards an Autonomous Vision-Based Unmanned Aerial System against Wildlife Poachers
Olivares Mendez, Miguel Angel UL; Fu, Changhong; Ludivig, Philippe et al

in Sensors (2015), 15(12), 29861

Poaching is an illegal activity that remains out of control in many countries. Based on the 2014 report of the United Nations and Interpol, the illegal trade of global wildlife and natural resources ... [more ▼]

Poaching is an illegal activity that remains out of control in many countries. Based on the 2014 report of the United Nations and Interpol, the illegal trade of global wildlife and natural resources amounts to nearly $213 billion every year, which is even helping to fund armed conflicts. Poaching activities around the world are further pushing many animal species on the brink of extinction. Unfortunately, the traditional methods to fight against poachers are not enough, hence the new demands for more efficient approaches. In this context, the use of new technologies on sensors and algorithms, as well as aerial platforms is crucial to face the high increase of poaching activities in the last few years. Our work is focused on the use of vision sensors on UAVs for the detection and tracking of animals and poachers, as well as the use of such sensors to control quadrotors during autonomous vehicle following and autonomous landing. [less ▲]

Detailed reference viewed: 227 (45 UL)
Full Text
Peer Reviewed
See detailVulnerabilities of Government Websites in a Developing Country – The Case of Burkina Faso
Bissyande, Tegawendé François D Assise UL; Ouoba, Jonathan; Ahmat, Daouda et al

in 7th International Conference on e‐Infrastructure and e‐Services for Developing Countries (2015, December)

Slowly, but consistently, the digital gap between developing and developed countries is being closed. Everyday, there are initiatives towards relying on ICT to simplify the interaction between citizens ... [more ▼]

Slowly, but consistently, the digital gap between developing and developed countries is being closed. Everyday, there are initiatives towards relying on ICT to simplify the interaction between citizens and their governments in developing countries. E-government is thus becoming a reality: in Burkina Faso, all government bodies are taking part in this movement with web portals dedicated to serving the public. Unfortunately, in this rush to promote government actions within this trend of digitization, little regards is given to the security of such web sites. In many cases, government highly critical web sites are simply produced in a product line fashion using Content Management Systems which the webmasters do not quite master. We discuss in this study our findings on empirically assessing the security of govern- ment websites in Burkina Faso. By systematically scanning these websites for simple and well-known vulnerabilities, we were able to discover issues that deserved urgent attention. As an example, we were able to crawl from temporary backup files in a government web site all information (hostname, login and password in clear) to read and write directly in the database and for impersonating the administrator of the website. We also found that around 50% of the government websites are built on top of platforms suffering from 14 publicly known vulnerabilities, and thus can be readily attacked by any hacker. [less ▲]

Detailed reference viewed: 165 (10 UL)
Full Text
Peer Reviewed
See detailPotential Component Leaks in Android Apps: An Investigation into a new Feature Set for Malware Detection
Li, Li UL; Allix, Kevin UL; Li, Daoyuan UL et al

in The 2015 IEEE International Conference on Software Quality, Reliability and Security (QRS 2015) (2015, August)

Detailed reference viewed: 523 (259 UL)
Full Text
See detailHarvesting Fix Hints in the History of Bugs
Bissyande, Tegawendé François D Assise UL

Report (2015)

In software development, fixing bugs is an im- portant task that is time consuming and cost-sensitive. While many approaches have been proposed to automatically detect and patch software code, the ... [more ▼]

In software development, fixing bugs is an im- portant task that is time consuming and cost-sensitive. While many approaches have been proposed to automatically detect and patch software code, the strategies are limited to a set of identified bugs that were thoroughly studied to define their properties. They thus manage to cover a niche of faults such as infinite loops. We build on the assumption that bugs, and the associated user bug reports, are repetitive and propose a new approach of fix recommendations based on the history of bugs and their associated fixes. In our approach, once a bug is reported, it is automatically compared to all previously fixed bugs using information retrieval techniques and machine learning classification. Based on this comparison, we recommend top-k fix actions, identified from past fix examples, that may be suitable as hints for software developers to address the new bug [less ▲]

Detailed reference viewed: 46 (3 UL)
Full Text
See detailA Study of Potential Component Leaks in Android Apps
Li, Li UL; Allix, Kevin UL; Li, Daoyuan UL et al

Report (2015)

We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications ... [more ▼]

We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validation show high performance with 95% precision for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps. By further investigating the generalization ability of this feature set, we highlight an issue often overlooked in the Android malware detection community: Qualitative aspects of training datasets have a strong impact on a malware detector’s performance. Furthermore, this impact cannot be overcome by simply increasing the Quantity of training material. [less ▲]

Detailed reference viewed: 190 (2 UL)
Full Text
Peer Reviewed
See detailApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in International Conference on ICT Systems Security and Privacy Protection (SEC 2015) (2015, May)

Detailed reference viewed: 193 (10 UL)
Full Text
Peer Reviewed
See detailIccTA: Detecting Inter-Component Privacy Leaks in Android Apps
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015) (2015)

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating ... [more ▼]

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components. Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting inter-component detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps. [less ▲]

Detailed reference viewed: 1216 (40 UL)
Full Text
Peer Reviewed
See detailAutomating the Extraction of Model-based Software Product Lines from Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Bissyande, Tegawendé François D Assise UL et al

in 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015) (2015)

Detailed reference viewed: 92 (9 UL)
Full Text
Peer Reviewed
See detailAre Your Training Datasets Yet Relevant? - An Investigation into the Importance of Timeline in Machine Learning-Based Malware Detection
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

in Engineering Secure Software and Systems - 7th International Symposium ESSoS 2015, Milan, Italy, March 4-6, 2015. Proceedings (2015)

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show ... [more ▼]

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in many assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to con- firm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild. [less ▲]

Detailed reference viewed: 1121 (31 UL)
Full Text
Peer Reviewed
See detailEmpirical assessment of machine learning-based malware detectors for Android: Measuring the Gap between In-the-Lab and In-the-Wild Validation Scenarios
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Empirical Software Engineering (2014)

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective ... [more ▼]

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. So far, several promising results were recorded in the literature, many approaches being assessed with what we call in the lab validation scenarios. This paper revisits the purpose of malware detection to discuss whether such in the lab validation scenarios provide reliable indications on the performance of malware detectors in real-world settings, aka in the wild. To this end, we have devised several Machine Learning classifiers that rely on a set of features built from applications’ CFGs. We use a sizeable dataset of over 50 000 Android applications collected from sources where state-of-the art approaches have selected their data. We show that, in the lab, our approach outperforms existing machine learning-based approaches. However, this high performance does not translate in high performance in the wild. The performance gap we observed—F-measures dropping from over 0.9 in the lab to below 0.1 in the wild —raises one important question: How do state-of-the-art approaches perform in the wild ? [less ▲]

Detailed reference viewed: 466 (45 UL)
Full Text
Peer Reviewed
See detailSensing in the Urban Technological Deserts-A Position Paper for Smart Cities in Least Developed Countries
Ouoba, Jonathan; Bissyande, Tegawendé François D Assise UL

in International Workshop on Web Intelligence and Smart Sensing (2014, September 01)

Technological progress in recent years have allowed to produce sensors, on macroscopic and microscopic scales, that are now essential to ubiquitous computing. This paradigm has made the concept of smart ... [more ▼]

Technological progress in recent years have allowed to produce sensors, on macroscopic and microscopic scales, that are now essential to ubiquitous computing. This paradigm has made the concept of smart cities a reality that is now in synchrony with the needs and requirements for living in this era. Whether it concerns commuters in public transportations or users of existential services such as hospitals, the implementation of smart cities is equally important in developed countries than in the least developed countries. Unfortunately, in the latter, sensors and the associated technologies are not readily available to implement smart cities. It is therefore necessary to identify surrogate ways of sensing the ambiant environment. In this position paper, we discuss the situations in least developed countries and the obstacles to common implementations of smart cities. We also provide a preliminary enumeration of how mobile-phones with SMS-based services and the cultural model can be leveraged to build smart cities in such urban technological deserts. [less ▲]

Detailed reference viewed: 52 (0 UL)
Full Text
Peer Reviewed
See detailA Forensic Analysis of Android Malware -- How is Malware Written and How It Could Be Detected?
Allix, Kevin UL; Jerome, Quentin UL; Bissyande, Tegawendé François D Assise UL et al

in Proceedings of the 2014 IEEE 38th Annual Computer Software and Applications Conference (2014, July)

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last ... [more ▼]

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last years, none has addressed it from a forensic point of view. After collecting over 500,000 applications from user markets and research repositories, we perform an analysis that yields precious insights on the writing process of Android malware. This study also explores some strange artifacts in the datasets, and the divergent capabilities of state-of-the-art antivirus to recognize/define malware. We further highlight some major weak usage and misunderstanding of Android security by the criminal community and show some patterns in their operational flow. Finally, using insights from this analysis, we build a naive malware detection scheme that could complement existing anti virus software. [less ▲]

Detailed reference viewed: 327 (18 UL)