Reference : Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/49268
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
English
Samhi, Jordan mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
Li, Li mailto [Monash University]
Bissyande, Tegawendé François D Assise mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
Klein, Jacques mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
21-May-2022
44th International Conference on Software Engineering (ICSE 2022)
Yes
No
International
44th International Conference on Software Engineering (ICSE 2022)
from 21-05-2022 to 29-05-2022
Pittsburgh
United States of America
[en] Static Analysis ; Android Security ; Logic Bomb
[en] One prominent tactic used to keep malicious behavior from being detected during dynamic test campaigns is logic bombs, where malicious operations are triggered only when specific conditions are satisfied. Defusing logic bombs remains an unsolved problem in the literature. In this work, we propose to investigate Suspicious Hidden Sensitive Operations (SHSOs) as a step towards triaging logic bombs. To that end, we develop a novel hybrid approach that combines static analysis and anomaly detection techniques to uncover SHSOs, which we predict as likely implementations of logic bombs. Concretely, Difuzer identifies SHSO entry-points using an instrumentation engine and an inter-procedural data-flow analysis. Then, it extracts trigger-specific features to characterize SHSOs and leverages One-Class SVM to implement an unsupervised learning model for detecting abnormal triggers.

We evaluate our prototype and show that it yields a precision of 99.02% to detect SHSOs among which 29.7% are logic bombs. Difuzer outperforms the state-of-the-art in revealing more logic bombs while yielding less false positives in about one order of magnitude less time. All our artifacts are released to the community.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Trustworthy Software Engineering (TruX)
Fonds National de la Recherche - FnR
Researchers
http://hdl.handle.net/10993/49268
FnR ; FNR14596679 > Jordan Samhi > DIANA > Dissecting Android Applications Using Static Analysis > 01/03/2020 > 31/10/2023 > 2020

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
difuzer_preprint.pdfAuthor preprint843.57 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.