Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons


Articles 1 - 30 of 32

Full-Text Articles in Physical Sciences and Mathematics

Experimental Comparison Of Features, Analyses, And Classifiers For Android Malware Detection, Lwin Khin Shar, Biniam Fisseha Demissie, Mariano Ceccato, Naing Tun Yan, David Lo, Lingxiao Jiang, Christoph Bienert Sep 2023


Research Collection School Of Computing and Information Systems

Android malware detection has been an active area of research. In the past decade, several machine learning-based approaches based on different types of features that may characterize Android malware behaviors have been proposed. The usually-analyzed features include API usages and sequences at various abstraction levels (e.g., class and package), extracted using static or dynamic analysis. Additionally, features that characterize permission uses, native API calls and reflection have also been analyzed. Initial works used conventional classifiers such as Random Forest to learn on those features. In recent years, deep learning-based classifiers such as Recurrent Neural Network have been explored. Considering various …


Uipdroid: Unrooted Dynamic Monitor Of Android App Uis For Fine-Grained Permission Control, Mulin Duan, Lingxiao Jiang, Lwin Khin Shar, Debin Gao May 2022


Research Collection School Of Computing and Information Systems

Proper permission controls in Android systems are important for protecting users' private data when running applications installed on the devices. Currently Android systems require apps to obtain authorization from users at the first time when they try to access users' sensitive data, but every permission is only managed at the application level, allowing apps to (mis)use permissions granted by users at the beginning for different purposes subsequently without informing users. Based on privacy-by-design principles, this paper develops a new permission manager, named UIPDroid, that (1) enforces the users' basic right-to-know through user interfaces whenever an app uses permissions, and (2) …


Androevolve: Automated Android Api Update With Data Flow Analysis And Variable Denormalization, Stefanus A. Haryono, Ferdian Thung, David Lo, Lingxiao Jiang, Julia Lawall, Hong Jin Kang, Lucas Serrano, Gilles Muller Mar 2022


Research Collection School Of Computing and Information Systems

The Android operating system is frequently updated, with each version bringing a new set of APIs. New versions may involve API deprecation; Android apps using deprecated APIs need to be updated to ensure the apps’ compatibility with old and new Android versions. Updating deprecated APIs is a time-consuming endeavor. Hence, automating the updates of Android APIs can be beneficial for developers. CocciEvolve is the state-of-the-art approach for this automation. However, it has several limitations, including its inability to resolve out-of-method variables and the low code readability of its updates due to the addition of temporary variables. In an attempt to …


Androevolve: Automated Update For Android Deprecated-Api Usages, Stefanus A. Haryono, Ferdian Thung, David Lo, Lingxiao Jiang, Julia Lawall, Hong Jin Kang, Lucas Serrano, Gilles Muller May 2021


Research Collection School Of Computing and Information Systems

The Android operating system (OS) is often updated, where each new version may involve API deprecation. Usages of deprecated APIs in Android apps need to be updated to ensure the apps' compatibility with the old and new versions of the Android OS. In this work, we propose AndroEvolve, an automated tool to update usages of deprecated Android APIs, that addresses the limitations of the state-of-the-art tool, CocciEvolve. AndroEvolve utilizes data flow analysis to solve the problem of out-of-method-boundary variables, and variable denormalization to remove the temporary variables introduced by CocciEvolve. We evaluated the accuracy of AndroEvolve using a dataset of …


Looking Back! Using Early Versions Of Android Apps As Attack Vectors, Yue Zhang, Jian Weng, Jia-Si Wneg, Lin Hou, Anjia Yang, Ming Li, Yang Xiang, Deng, Robert H. Apr 2021


Research Collection School Of Computing and Information Systems

Android platform is gaining explosive popularity. This leads developers to invest resources to maintain the upward trajectory of the demand. Unfortunately, as the profit potential grows higher, the chances of these Apps getting attacked also get higher. Therefore, developers improved the security of their Apps, which limits attackers' ability to compromise upgraded versions of the Apps. However, developers cannot enhance the security of earlier versions that have been released on the Play Store. The earlier versions of the App can be subject to reverse engineering and other attacks. In this paper, we find that attackers can use these earlier versions …


Security Analysis Of Permission Re-Delegation Vulnerabilities In Android Apps, Biniam Fisseha Demissie, Mariano Ceccato, Lwin Khin Shar Dec 2020


Research Collection School Of Computing and Information Systems

The Android platform facilitates reuse of app functionalities by allowing an app to request an action from another app through inter-process communication mechanism. This feature is one of the reasons for the popularity of Android, but it also poses security risks to the end users because malicious, unprivileged apps could exploit this feature to make privileged apps perform privileged actions on behalf of them. In this paper, we investigate the hybrid use of program analysis, genetic algorithm based test generation, natural language processing, machine learning techniques for precise detection of permission re-delegation vulnerabilities in Android apps. Our approach first groups …


Experimental Comparison Of Features And Classifiers For Android Malware Detection, Lwin Khin Shar, Biniam Fisseha Demissie, Mariano Ceccato, Wei Minn Oct 2020


Research Collection School Of Computing and Information Systems

Android platform has dominated the smart phone market for years now and, consequently, gained a lot of attention from attackers. Malicious apps (malware) pose a serious threat to the security and privacy of Android smart phone users. Available approaches to detect mobile malware based on machine learning rely on features extracted with static analysis or dynamic analysis techniques. Different types of machine learning classifiers (such as support vector machine and random forest) and deep learning classifiers (based on deep neural networks) are then trained on extracted features, to produce models that can be used to detect mobile malware. …


Automatic Android Deprecated-Api Usage Update By Learning From Single Updated Example, Stefanus A. Haryono, Ferdian Thung, Hong Jin Kang, Lucas Serrano, Gilles Muller, Julia Lawall, David Lo, Lingxiao Jiang Jul 2020


Research Collection School Of Computing and Information Systems

Due to the deprecation of APIs in the Android operating system, developers have to update usages of the APIs to ensure that their applications work for both the past and current versions of Android. Such updates may be widespread, non-trivial, and time-consuming. Therefore, automation of such updates will be of great benefit to developers. AppEvolve, which is the state-of-the-art tool for automating such updates, relies on having before- and after-update examples to learn from. In this work, we propose an approach named CocciEvolve that performs such updates using only a single after-update example. CocciEvolve learns edits by extracting the relevant …


Understanding The Relation Between Repeat Developer Interactions And Bug Resolution Times In Large Open Source Ecosystems: A Multisystem Study, Subhajit Datta, Reshma Roychoudhuri, Subhashis Majumder Apr 2020


Research Collection School Of Computing and Information Systems

Large‐scale software systems are being increasingly built by distributed teams of developers who interact across geographies and time zones. Ensuring smooth knowledge transfer and the percolation of skills within and across such teams remain key challenges for organizations. Towards addressing this challenge, organizations often grapple with questions around whether and how repeat collaborations between members of a team relate to outcomes of important activities. In the context of this paper, the word ‘repeat interaction’ does not imply a greater number of interactions; it refers to repeat interaction between a pair of developers who have collaborated before. In this paper, we …


Automated Deprecated-Api Usage Update For Android Apps: How Far Are We?, Ferdian Thung, Stefanus Agus Haryono, Lucas Serrano, Gilles Muller, Julia Lawall, David Lo, Lingxiao Jiang Feb 2020


Research Collection School Of Computing and Information Systems

As the Android API evolves, some API methods may be deprecated, to be eventually removed. App developers face the challenge of keeping their apps up-to-date, to ensure that the apps work in both older and newer Android versions. Currently, AppEvolve is the state-of-the-art approach to automate such updates, and it has been shown to be quite effective. Still, the number of experiments reported is moderate, involving only API usage updates in 41 usage locations. In this work, we replicate the evaluation of AppEvolve and assess whether its effectiveness is generalizable. Given the set of APIs on which AppEvolve has been …


Towards Generating Transformation Rules Without Examples For Android Api Replacement, Ferdian Thung, Hong Jin Kang, Lingxiao Jiang, David Lo Oct 2019


Research Collection School Of Computing and Information Systems

Deprecation of APIs in software libraries is common when library maintainers make changes to a library and will no longer support certain APIs in the future. When deprecation occurs, developers whose programs depend on the APIs need to replace the usages of the deprecated APIs sooner or later. Often times, software documentation specifies which new APIs the developers should use in place of a deprecated API. However, replacing the usages of a deprecated API remains a challenge since developers may not know exactly how to use the new APIs. The developers would first need to understand the API changes before …


Tinyvisor: An Extensible Secure Framework On Android Platforms, Dong Shen, Zhoujun Li, Xiaojing Su, Jinxin Ma, Deng, Robert H. Jan 2018


Research Collection School Of Computing and Information Systems

As the utilization of mobile platform keeps growing, the security issue of mobile platform becomes a serious threat to user privacy. The current security measures mainly focus on the application level and the framework level, with little protection on the kernel. Virtualization technologies have been used in x86 platforms to protect the security of the kernel. With a higher privilege than the guest operating system, the hypervisor can effectively detect and defend against the malicious activity inside the guest kernel. In this paper, we build a hypervisor framework called TinyVisor leveraging the ARM virtualization extensions to protect the guest system …


On Locating Malicious Code In Piggybacked Android Apps, Li Li, Daoyuan Li, Tegawende F. Bissyande, Jacques Klein, Haipeng Cai, David Lo, Yves Le Traon Nov 2017


Research Collection School Of Computing and Information Systems

To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically …


Automated Android Application Permission Recommendation, Lingfeng Bao, David Lo, Xin Xia, Shanping Li Sep 2017


Research Collection School Of Computing and Information Systems

The number of Android applications has increased rapidly as Android is becoming the dominant platform in the smartphone market. Security and privacy are key factors for an Android application to be successful. Android provides a permission mechanism to ensure security and privacy. This permission mechanism requires that developers declare the sensitive resources required by their applications. On installation or during runtime, users are required to agree with the permission request. However, in practice, there are numerous popular permission misuses, despite Android introducing official documents stating how to use these permissions properly. Some data mining techniques (e.g., association rule mining) have …


Toward Accurate Network Delay Measurement On Android Phones, Weichao Li, Daoyuan Wu, Rocky K. C. Chang, Ricky K. P. Mok Aug 2017


Research Collection School Of Computing and Information Systems

Measuring and understanding the performance of mobile networks is becoming very important for end users and operators. Despite the availability of many measurement apps, their measurement accuracy has not received sufficient scrutiny. In this paper, we appraise the accuracy of smartphone-based network performance measurement using the Android platform and the network round-trip time (RTT) as the metric. We show that two of the most popular measurement apps, Ookla Speedtest and MobiPerf, have their RTT measurements inflated. We build three test apps that cover three common measurement methods and evaluate them in a testbed. We overcome the main challenge of obtaining a complete …


Exploiting Android System Services Through Bypassing Service Helpers, Yachong Gu, Yao Cheng, Lingyun Ying, Yemian Lu, Qi Li, Purui Su Jun 2017


Research Collection School Of Computing and Information Systems

Android allows applications to communicate with system service via system service helper so that applications can use various functions wrapped in the system services. Meanwhile, system services leverage the service helpers to enforce security mechanisms, e.g. input parameter validation, to protect themselves against attacks. However, service helpers can be easily bypassed, which poses severe security and privacy threats to system services, e.g., privilege escalation, function execution without users’ interactions, system service crash, and DoS attacks. In this paper, we perform the first systematic study on such vulnerabilities and investigate their impacts. We develop a tool to analyze all system services …


Android Repository Mining For Detecting Publicly Accessible Functions Missing Permission Checks, Huu Hoang Nguyen, Lingxiao Jiang, Thanh Tho Quan May 2017


Research Collection School Of Computing and Information Systems

Android has become the most popular mobile operating system. Millions of applications, including many malware, have been developed for it. Even though its overall system architecture and many APIs are documented, many other methods and implementation details are not, not to mention potential bugs and vulnerabilities that may be exploited. Manual documentation may also be easily outdated as Android evolves constantly with changing features and higher complexities. Techniques and tool supports are thus needed to automatically extract information from different versions of Android to facilitate whole-system analysis of undocumented code. This paper presents an approach for alleviating the challenges associated …


On The Effectiveness Of Virtualization Based Memory Isolation On Multicore Platforms, Siqi Zhao, Xuhua Ding Apr 2017


Research Collection School Of Computing and Information Systems

Virtualization based memory isolation has been widely used as a security primitive in many security systems. This paper firstly provides an in-depth analysis of its effectiveness in the multicore setting; a first in the literature. Our study reveals that memory isolation by itself is inadequate for security. Due to the fundamental design choices in hardware, it faces several challenging issues including page table maintenance, address mapping validation and thread identification. As demonstrated by our attacks implemented on XMHF and BitVisor, these issues undermine the security of memory isolation. Next, we propose a new isolation approach that is immune to the aforementioned problems. In our design, the hypervisor constructs a fully isolated micro …


Whole-System Analysis For Understanding Publicly Accessible Functions In Android, Huu Hoang Nguyen, Lingxiao Jiang, Thanh Tho Quan Mar 2017


Research Collection School Of Computing and Information Systems

Android has become the most popular mobile operating system. Millions of applications, including many malwares, have been developed for it. Android itself evolves constantly with changing features and higher complexities. It is challenging for application developers to keep up with the changes and maintain the compatibility of their apps across Android versions. Therefore, there are many challenges for application analysis tools to accurately model and analyze app behaviors across Android versions. Even though the overall system architecture of Android and many APIs are documented, many other APIs and implementation details are not, not to mention potential bugs and vulnerabilities. Techniques …


H-Binder: A Hardened Binder Framework On Android Systems, Dong Shen, Zhangkai Zhang, Xuhua Ding, Zhoujun Li, Robert H. Deng Jan 2017


Research Collection School Of Computing and Information Systems

The Binder framework is at the core of Android systems due to its fundamental role for interprocess communications. Applications use the Binder to perform high level tasks such as accessing location information. The importance of the Binder makes it an attractive target for attackers. Rootkits on Android platforms can arbitrarily access any Binder transaction data and therefore have system-wide security impact. In this paper, we propose H-Binder to secure the Binder IPC channel between two applications. It runs transparently with Android and COTS applications without making changes on their binaries. In this work, we design a bare-metal ARM hypervisor with …


Demystifying And Puncturing The Inflated Delay In Smartphone-Based Wifi Network Measurement, Weichao Li, Daoyuan Wu, Rocky K. C. Chang, Ricky K. P. Mok Dec 2016


Research Collection School Of Computing and Information Systems

Using network measurement apps has become a very effective approach to crowdsourcing WiFi network performance data. However, these apps usually measure the user-level performance metrics instead of the network-level performance which is important for diagnosing performance problems. In this paper we report for the first time that a major source of measurement noises comes from the periodical SDIO (Secure Digital Input Output) bus sleep inside the phone. The additional latency introduced by SDIO and Power Saving Mode can inflate and unstablize network delay measurement significantly. We carefully design and implement a scheme to wake up the phone for delay measurement by …


A Study On A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Deng, Robert H., Lingyun Ying, Wei He Nov 2016


Research Collection School Of Computing and Information Systems

Root is the administrative privilege on Android, which is however inaccessible on stock Android devices. Due to the desire for privileged functionalities and the reluctance of rooting their devices, Android users seek for no-root approaches, which provide users with part of root privileges without rooting their devices. Existing no-root approaches require users to launch a separate service via Android Debug Bridge (ADB) on an Android device, which would perform user-desired tasks. However, it is unusual for a third-party Android application to work with a separate native service via sockets, and it requires the application developers to have extra knowledge such …


What Permissions Should This Android App Request?, Lingfeng Bao, David Lo, Xin Xia, Shanping Li Nov 2016


Research Collection School Of Computing and Information Systems

As Android is one of the most popular open source mobile platforms, ensuring security and privacy of Android applications is very important. Android provides a permission mechanism which requires developers to declare sensitive resources their applications need, and users need to agree with this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documents to explain how to properly use permissions, unfortunately misuses even for the most popular permissions have been reported. Recently, Karim et al. propose an association rule mining based approach …


A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Robert H. Deng Jul 2016


Research Collection School Of Computing and Information Systems

Root is the administrative privilege on Android, which is however inaccessible on stock Android devices. Due to the desire for privileged functionalities and the reluctance of rooting their devices, Android users seek for no-root approaches, which provide users with part of root privileges without rooting their devices. In this paper, we newly discover a feasible no-root approach based on the ADB loopback. To ensure such no-root approach is not misused proactively, we examine its dark side, including privacy leakage via logs and user input inference. Finally, we discuss the solutions and suggestions from different perspectives.


Iccdetector: Icc-Based Malware Detection On Android, Xu Ke, Yingjiu Li, Robert H. Deng Jun 2016


Research Collection School Of Computing and Information Systems

Most existing mobile malware detection methods (e.g., Kirin and DroidMat) are designed based on the resources required by malwares (e.g., permissions, application programming interface (API) calls, and system calls). These methods capture the interactions between mobile apps and Android system, but ignore the communications among components within or cross application boundaries. As a consequence, the majority of the existing methods are less effective in identifying many typical malwares, which require a few or no suspicious resources, but leverage on inter-component communication (ICC) mechanism when launching stealthy attacks. To address this challenge, we propose a new malware detection method, named ICCDetector. …


Smartphones And Ble Services: Empirical Insights, Meera Radhakrishnan, Archan Misra, Rajesh Krishna Balan, Youngki Lee Oct 2015


Research Collection School Of Computing and Information Systems

Driven by the rapid market growth of sensors and beacons that offer Bluetooth Low Energy (BLE) based connectivity, this paper empirically investigates the performance characteristics of the BLE interface on multiple Android smartphones, and the consequent impact on a proposed BLE-based service: continuous indoor location. We first use extensive measurement studies with multiple Android devices to establish that the BLE interface on current smartphones is not as "low-energy" as nominally expected, and establish that continuous use of such a BLE interface is not feasible unless we choose a moderately large scan interval and a low duty cycle. We then explore …


Towards Automatic Generation Of Security-Centric Descriptions For Android Apps, Mu Zhang, Yue Duan, Qian Feng, Heng Yin Oct 2015


Research Collection School Of Computing and Information Systems

To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and are significantly deviated from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME …


Understanding The Test Automation Culture Of App Developers, Pavneet Singh Kochhar, Ferdian Thung, Nachiappan Nagappan, Thomas Zimmermann, David Lo Apr 2015


Research Collection School Of Computing and Information Systems

Smartphone applications (apps) have gained popularity recently. Millions of smartphone applications (apps) are available on different app stores which gives users plethora of options to choose from, however, it also raises concern if these apps are adequately tested before they are released for public use. In this study, we want to understand the test automation culture prevalent among app developers. Specifically, we want to examine the current state of testing of apps, the tools that are commonly used by app developers, and the problems faced by them. To get an insight on the test automation culture, we conduct two different …


Semantics-Aware Android Malware Classification Using Weighted Contextual Api Dependency Graphs, Mu Zhang, Yue Duan, Heng Yin, Zhiruo Zhao Nov 2014


Research Collection School Of Computing and Information Systems

The drastic increase of Android malware has led to a strong interest in developing methods to automate the malware analysis process. Existing automated Android malware detection and classification methods fall into two general categories: 1) signature-based and 2) machine learning-based. Signature-based approaches can be easily evaded by bytecode-level transformation attacks. Prior learning-based works extract features from application syntax, rather than program semantics, and are also subject to evasion. In this paper, we propose a novel semantic-based approach that classifies Android malware via dependency graphs. To battle transformation attacks, we extract a weighted contextual API dependency graph as program semantics to …


Perspectives On Task Ownership In Mobile Operating System Development [Invited Talk], Subhajit Datta Nov 2014


Research Collection School Of Computing and Information Systems

There can be little contention about Stroustrup's epigrammatic remark: our civilization runs on software. However a caveat is increasingly due, much of the software that runs our civilization, runs on mobile devices today. Mobile operating systems have come to play a preeminent role in the ubiquity and utility of such devices. The development ecosystem of Android - one of the most popular mobile operating systems - presents an interesting context for studying whether and how collaboration dynamics in mobile development differ from conventional software development. In this paper, we examine factors that influence task ownership in Android development. Our results …