Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Software Engineering

Research Collection School Of Computing and Information Systems

Android

Articles 1 - 22 of 22

Full-Text Articles in Physical Sciences and Mathematics

Experimental Comparison Of Features, Analyses, And Classifiers For Android Malware Detection, Lwin Khin Shar, Biniam Fisseha Demissie, Mariano Ceccato, Naing Tun Yan, David Lo, Lingxiao Jiang, Christoph Bienert Sep 2023

Android malware detection has been an active area of research. In the past decade, several machine learning-based approaches based on different types of features that may characterize Android malware behaviors have been proposed. The usually-analyzed features include API usages and sequences at various abstraction levels (e.g., class and package), extracted using static or dynamic analysis. Additionally, features that characterize permission uses, native API calls and reflection have also been analyzed. Initial works used conventional classifiers such as Random Forest to learn on those features. In recent years, deep learning-based classifiers such as Recurrent Neural Network have been explored. Considering various …


UIPDroid: Unrooted Dynamic Monitor Of Android App UIs For Fine-Grained Permission Control, Mulin Duan, Lingxiao Jiang, Lwin Khin Shar, Debin Gao May 2022

Proper permission controls in Android systems are important for protecting users' private data when running applications installed on the devices. Currently Android systems require apps to obtain authorization from users at the first time when they try to access users' sensitive data, but every permission is only managed at the application level, allowing apps to (mis)use permissions granted by users at the beginning for different purposes subsequently without informing users. Based on privacy-by-design principles, this paper develops a new permission manager, named UIPDroid, that (1) enforces the users' basic right-to-know through user interfaces whenever an app uses permissions, and (2) …


AndroEvolve: Automated Android API Update With Data Flow Analysis And Variable Denormalization, Stefanus A. Haryono, Ferdian Thung, David Lo, Lingxiao Jiang, Julia Lawall, Hong Jin Kang, Lucas Serrano, Gilles Muller Mar 2022

The Android operating system is frequently updated, with each version bringing a new set of APIs. New versions may involve API deprecation; Android apps using deprecated APIs need to be updated to ensure the apps’ compatibility with old and new Android versions. Updating deprecated APIs is a time-consuming endeavor. Hence, automating the updates of Android APIs can be beneficial for developers. CocciEvolve is the state-of-the-art approach for this automation. However, it has several limitations, including its inability to resolve out-of-method variables and the low code readability of its updates due to the addition of temporary variables. In an attempt to …


AndroEvolve: Automated Update For Android Deprecated-API Usages, Stefanus A. Haryono, Ferdian Thung, David Lo, Lingxiao Jiang, Julia Lawall, Hong Jin Kang, Lucas Serrano, Gilles Muller May 2021

The Android operating system (OS) is often updated, where each new version may involve API deprecation. Usages of deprecated APIs in Android apps need to be updated to ensure the apps' compatibility with the old and new versions of the Android OS. In this work, we propose AndroEvolve, an automated tool to update usages of deprecated Android APIs, that addresses the limitations of the state-of-the-art tool, CocciEvolve. AndroEvolve utilizes data flow analysis to solve the problem of out-of-method-boundary variables, and variable denormalization to remove the temporary variables introduced by CocciEvolve. We evaluated the accuracy of AndroEvolve using a dataset of …


Looking Back! Using Early Versions Of Android Apps As Attack Vectors, Yue Zhang, Jian Weng, Jia-Si Weng, Lin Hou, Anjia Yang, Ming Li, Yang Xiang, Robert H. Deng Apr 2021

Android platform is gaining explosive popularity. This leads developers to invest resources to maintain the upward trajectory of the demand. Unfortunately, as the profit potential grows higher, the chances of these Apps getting attacked also get higher. Therefore, developers improved the security of their Apps, which limits attackers' ability to compromise upgraded versions of the Apps. However, developers cannot enhance the security of earlier versions that have been released on the Play Store. The earlier versions of the App can be subject to reverse engineering and other attacks. In this paper, we find that attackers can use these earlier versions …


Experimental Comparison Of Features And Classifiers For Android Malware Detection, Lwin Khin Shar, Biniam Fisseha Demissie, Mariano Ceccato, Wei Minn Oct 2020

Android platform has dominated the smart phone market for years now and, consequently, gained a lot of attention from attackers. Malicious apps (malware) pose a serious threat to the security and privacy of Android smart phone users. Available approaches to detect mobile malware based on machine learning rely on features extracted with static analysis or dynamic analysis techniques. Different types of machine learning classifiers (such as support vector machine and random forest) and deep learning classifiers (based on deep neural networks) are then trained on extracted features, to produce models that can be used to detect mobile malware. …


Automatic Android Deprecated-API Usage Update By Learning From Single Updated Example, Stefanus A. Haryono, Ferdian Thung, Hong Jin Kang, Lucas Serrano, Gilles Muller, Julia Lawall, David Lo, Lingxiao Jiang Jul 2020

Due to the deprecation of APIs in the Android operating system, developers have to update usages of the APIs to ensure that their applications work for both the past and current versions of Android. Such updates may be widespread, non-trivial, and time-consuming. Therefore, automation of such updates will be of great benefit to developers. AppEvolve, which is the state-of-the-art tool for automating such updates, relies on having before- and after-update examples to learn from. In this work, we propose an approach named CocciEvolve that performs such updates using only a single after-update example. CocciEvolve learns edits by extracting the relevant …


Understanding The Relation Between Repeat Developer Interactions And Bug Resolution Times In Large Open Source Ecosystems: A Multisystem Study, Subhajit Datta, Reshma Roychoudhuri, Subhashis Majumder Apr 2020

Large‐scale software systems are being increasingly built by distributed teams of developers who interact across geographies and time zones. Ensuring smooth knowledge transfer and the percolation of skills within and across such teams remain key challenges for organizations. Towards addressing this challenge, organizations often grapple with questions around whether and how repeat collaborations between members of a team relate to outcomes of important activities. In the context of this paper, the word ‘repeat interaction’ does not imply a greater number of interactions; it refers to repeat interaction between a pair of developers who have collaborated before. In this paper, we …


Automated Deprecated-API Usage Update For Android Apps: How Far Are We?, Ferdian Thung, Stefanus Agus Haryono, Lucas Serrano, Gilles Muller, Julia Lawall, David Lo, Lingxiao Jiang Feb 2020

As the Android API evolves, some API methods may be deprecated, to be eventually removed. App developers face the challenge of keeping their apps up-to-date, to ensure that the apps work in both older and newer Android versions. Currently, AppEvolve is the state-of-the-art approach to automate such updates, and it has been shown to be quite effective. Still, the number of experiments reported is moderate, involving only API usage updates in 41 usage locations. In this work, we replicate the evaluation of AppEvolve and assess whether its effectiveness is generalizable. Given the set of APIs on which AppEvolve has been …


Towards Generating Transformation Rules Without Examples For Android API Replacement, Ferdian Thung, Hong Jin Kang, Lingxiao Jiang, David Lo Oct 2019

Deprecation of APIs in software libraries is common when library maintainers make changes to a library and will no longer support certain APIs in the future. When deprecation occurs, developers whose programs depend on the APIs need to replace the usages of the deprecated APIs sooner or later. Often times, software documentation specifies which new APIs the developers should use in place of a deprecated API. However, replacing the usages of a deprecated API remains a challenge since developers may not know exactly how to use the new APIs. The developers would first need to understand the API changes before …


On Locating Malicious Code In Piggybacked Android Apps, Li Li, Daoyuan Li, Tegawende F. Bissyande, Jacques Klein, Haipeng Cai, David Lo, Yves Le Traon Nov 2017

To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically …


Automated Android Application Permission Recommendation, Lingfeng Bao, David Lo, Xin Xia, Shanping Li Sep 2017

The number of Android applications has increased rapidly as Android is becoming the dominant platform in the smartphone market. Security and privacy are key factors for an Android application to be successful. Android provides a permission mechanism to ensure security and privacy. This permission mechanism requires that developers declare the sensitive resources required by their applications. On installation or during runtime, users are required to agree with the permission request. However, in practice, there are numerous popular permission misuses, despite Android introducing official documents stating how to use these permissions properly. Some data mining techniques (e.g., association rule mining) have …


Toward Accurate Network Delay Measurement On Android Phones, Weichao Li, Daoyuan Wu, Rocky K. C. Chang, Ricky K. P. Mok Aug 2017

Measuring and understanding the performance of mobile networks is becoming very important for end users and operators. Despite the availability of many measurement apps, their measurement accuracy has not received sufficient scrutiny. In this paper, we appraise the accuracy of smartphone-based network performance measurement using the Android platform and the network round-trip time (RTT) as the metric. We show that two of the most popular measurement apps, Ookla Speedtest and MobiPerf, have their RTT measurements inflated. We build three test apps that cover three common measurement methods and evaluate them in a testbed. We overcome the main challenge of obtaining a complete …


Exploiting Android System Services Through Bypassing Service Helpers, Yachong Gu, Yao Cheng, Lingyun Ying, Yemian Lu, Qi Li, Purui Su Jun 2017

Android allows applications to communicate with system service via system service helper so that applications can use various functions wrapped in the system services. Meanwhile, system services leverage the service helpers to enforce security mechanisms, e.g. input parameter validation, to protect themselves against attacks. However, service helpers can be easily bypassed, which poses severe security and privacy threats to system services, e.g., privilege escalation, function execution without users’ interactions, system service crash, and DoS attacks. In this paper, we perform the first systematic study on such vulnerabilities and investigate their impacts. We develop a tool to analyze all system services …


Android Repository Mining For Detecting Publicly Accessible Functions Missing Permission Checks, Huu Hoang Nguyen, Lingxiao Jiang, Thanh Tho Quan May 2017

Android has become the most popular mobile operating system. Millions of applications, including many malware, have been developed for it. Even though its overall system architecture and many APIs are documented, many other methods and implementation details are not, not to mention potential bugs and vulnerabilities that may be exploited. Manual documentation may also be easily outdated as Android evolves constantly with changing features and higher complexities. Techniques and tool supports are thus needed to automatically extract information from different versions of Android to facilitate whole-system analysis of undocumented code. This paper presents an approach for alleviating the challenges associated …


Whole-System Analysis For Understanding Publicly Accessible Functions In Android, Huu Hoang Nguyen, Lingxiao Jiang, Thanh Tho Quan Mar 2017

Android has become the most popular mobile operating system. Millions of applications, including many malwares, have been developed for it. Android itself evolves constantly with changing features and higher complexities. It is challenging for application developers to keep up with the changes and maintain the compatibility of their apps across Android versions. Therefore, there are many challenges for application analysis tools to accurately model and analyze app behaviors across Android versions. Even though the overall system architecture of Android and many APIs are documented, many other APIs and implementation details are not, not to mention potential bugs and vulnerabilities. Techniques …


Demystifying And Puncturing The Inflated Delay In Smartphone-Based WiFi Network Measurement, Weichao Li, Daoyuan Wu, Rocky K. C. Chang, Ricky K. P. Mok Dec 2016

Using network measurement apps has become a very effective approach to crowdsourcing WiFi network performance data. However, these apps usually measure the user-level performance metrics instead of the network-level performance which is important for diagnosing performance problems. In this paper we report for the first time that a major source of measurement noises comes from the periodical SDIO (Secure Digital Input Output) bus sleep inside the phone. The additional latency introduced by SDIO and Power Saving Mode can inflate and unstablize network delay measurement significantly. We carefully design and implement a scheme to wake up the phone for delay measurement by …


What Permissions Should This Android App Request?, Lingfeng Bao, David Lo, Xin Xia, Shanping Li Nov 2016

As Android is one of the most popular open source mobile platforms, ensuring security and privacy of Android applications is very important. Android provides a permission mechanism which requires developers to declare sensitive resources their applications need, and users need to agree with this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documents to explain how to properly use permissions, unfortunately misuses even for the most popular permissions have been reported. Recently, Karim et al. propose an association rule mining based approach …


Smartphones And BLE Services: Empirical Insights, Meera Radhakrishnan, Archan Misra, Rajesh Krishna Balan, Youngki Lee Oct 2015

Driven by the rapid market growth of sensors and beacons that offer Bluetooth Low Energy (BLE) based connectivity, this paper empirically investigates the performance characteristics of the BLE interface on multiple Android smartphones, and the consequent impact on a proposed BLE-based service: continuous indoor location. We first use extensive measurement studies with multiple Android devices to establish that the BLE interface on current smartphones is not as "low-energy" as nominally expected, and establish that continuous use of such a BLE interface is not feasible unless we choose a moderately large scan interval and a low duty cycle. We then explore …


Perspectives On Task Ownership In Mobile Operating System Development [Invited Talk], Subhajit Datta Nov 2014

There can be little contention about Stroustrup's epigrammatic remark: our civilization runs on software. However a caveat is increasingly due, much of the software that runs our civilization, runs on mobile devices today. Mobile operating systems have come to play a preeminent role in the ubiquity and utility of such devices. The development ecosystem of Android - one of the most popular mobile operating systems - presents an interesting context for studying whether and how collaboration dynamics in mobile development differ from conventional software development. In this paper, we examine factors that influence task ownership in Android development. Our results …


Developer Involvement Considered Harmful? An Empirical Examination Of Android Bug Resolution Times, Subhajit Datta, Proshanta Sarkar, Subhashis Majumder Nov 2014

In large scale software development ecosystems, there is a common perception that higher developer involvement leads to faster resolution of bugs. This is based on conjectures around more "eyeballs" making bugs "shallow" -- whose validity and applicability are not without dispute. In this paper, we posit that the level of developer attention as well as its extent of diversity influence how quickly bugs get resolved. We report results from a study of 1,000+ Android bugs. We find statistically significant evidence that attention and diversity have contrasting relationships with the resolution time of bugs, even after controlling for factors such as …


How Many Eyeballs Does A Bug Need? An Empirical Validation Of Linus' Law, Subhajit Datta, Proshanta Sarkar, Sutirtha Das, Sonu Sreshtha, Prasanth Lade, Subhashis Majumder May 2014

Linus’ Law reflects on a key characteristic of open source software development: developers’ tendency to closely work together in the bug resolution process. In this paper we empirically examine Linus’ Law using a data-set of 1,000+ Android bugs, owned by 70+ developers. Our results indicate that encouraging developers to work closely with one another has nuanced implications; while one form of contact may help reduce bug resolution time, another form can have quite the opposite effect. We present statistically significant evidence in support of our results and discuss their relevance at the individual and organizational levels.