Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
SAMHI, Jordan; Li, Li; BISSYANDE, Tegawendé François D Assise et al.
2022. In 44th International Conference on Software Engineering (ICSE 2022)
Peer reviewed
 

Details



Keywords :
Static Analysis; Android Security; Logic Bomb
Abstract :
One prominent tactic used to keep malicious behavior from being detected during dynamic test campaigns is logic bombs, where malicious operations are triggered only when specific conditions are satisfied. Defusing logic bombs remains an unsolved problem in the literature. In this work, we propose to investigate Suspicious Hidden Sensitive Operations (SHSOs) as a step towards triaging logic bombs. To that end, we develop a novel hybrid approach that combines static analysis and anomaly detection techniques to uncover SHSOs, which we predict as likely implementations of logic bombs. Concretely, Difuzer identifies SHSO entry-points using an instrumentation engine and an inter-procedural data-flow analysis. Then, it extracts trigger-specific features to characterize SHSOs and leverages One-Class SVM to implement an unsupervised learning model for detecting abnormal triggers. We evaluate our prototype and show that it yields a precision of 99.02% to detect SHSOs among which 29.7% are logic bombs. Difuzer outperforms the state-of-the-art in revealing more logic bombs while yielding fewer false positives in about one order of magnitude less time. All our artifacts are released to the community.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Trustworthy Software Engineering (TruX)
Disciplines :
Computer science
Author, co-author :
SAMHI, Jordan; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
Li, Li; Monash University
BISSYANDE, Tegawendé François D Assise; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
KLEIN, Jacques; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
External co-authors :
yes
Language :
English
Title :
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Publication date :
21 May 2022
Event name :
44th International Conference on Software Engineering (ICSE 2022)
Event place :
Pittsburgh, United States
Event date :
from 21-05-2022 to 29-05-2022
Audience :
International
Main work title :
44th International Conference on Software Engineering (ICSE 2022)
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR14596679 - Dissecting Android Applications Using Static Analysis, 2020 (01/03/2020-31/10/2023) - Jordan Samhi
Funders :
FNR - Fonds National de la Recherche
Available on ORBilu :
since 04 January 2022
