Please use this identifier to cite or link to this item:
http://hdl.handle.net/10397/105730
Title: Revisiting the description-to-behavior fidelity in Android applications
Authors: Yu, L; Luo, X; Qian, C; Wang, S
Issue Date: 2016
Source: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), 14–18 March 2016, Osaka, Japan, v. 1, p. 415-426
Abstract: Since more than 96% of mobile malware targets on Android platform, various techniques based on static code analysis or dynamic behavior analysis have been proposed to detect malicious applications. As malware is becoming more complicated and stealthy, recent research proposed a promising detection approach that looks for the inconsistency between an application's permissions and its description. In this paper, we revisit this approach and find that using description and permission will lead to many false positives. Therefore, we propose employing app's privacy policy and its bytecode to enhance description and permission for malware detection. It is non-trivial to automatically analyze privacy policy and perform the cross-verification among these four kinds of software artifacts including, privacy policy, bytecode, description, and permissions. We propose a novel data flow model for analyzing privacy policy, and develop a novel system, named TAPVerifier, for carrying out investigation of individual software artifacts and conducting the cross-verification. The experimental results show that TAPVerifier can analyze privacy policy with a high accuracy and recall rate. More importantly, integrating privacy policy and code level information removes 8.1%-65.5% false positives of existing systems based on description and permission.
Publisher: Institute of Electrical and Electronics Engineers
ISBN: 978-1-5090-1855-0
DOI: 10.1109/SANER.2016.67
Rights: ©2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The following publication L. Yu, X. Luo, C. Qian and S. Wang, "Revisiting the Description-to-Behavior Fidelity in Android Applications," 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), Osaka, Japan, 2016, pp. 415-426 is available at https://doi.org/10.1109/SANER.2016.67.
Appears in Collections: Conference Paper
Files in This Item:
File | Description | Size | Format
---|---|---|---
Luo_Revisiting_Description-To-Behavior_Fidelity.pdf | Pre-Published version | 818.46 kB | Adobe PDF
Page views: 7 (as of Apr 28, 2024)
SCOPUS™ citations: 25 (as of Apr 26, 2024)
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.