Upload File

detecting potentially malicious behavior in mobile apps

  • Home
  • Documents
  • Detecting Potentially Malicious Behavior in Mobile Apps
of 32 /32
Detecting Potentially Malicious Behavior in Mobile Apps with Static Code Analysis on Android OS Pascal Gadient AS2016 Seminar Software Composition University of Bern

Author: others

Post on 09-Jan-2022

8 views

Category:

Documents


0 download

Report

Embed Size (px)

TRANSCRIPT

PowerPoint-PräsentationMobile Apps
Pascal Gadient
2AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
4. Evaluation
6. Conclusions
3AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
1.1 Introduction -
Problem Statement
- Many security issues in media / web frameworks
- Many security issues in HW drivers
- Evolving «Freemium» apps
- Collection of personal data
- Phishing
4AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
1.1 Introduction -
Problem Statement
(SCAFME)
5AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
1.2 Introduction -
Static Code Analysis - Applied on Android apps with FlowDroid[1]
Feature Model - Methods / Classes
6AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
2
Workflows
7AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
2.1 Workflows -
8AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
Ubelix
- ZIP integrity (TOC validity)
9AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
2.3 Workflows -
Data Extraction
System overview
10AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
Front End
Job Engine
2.4 Workflows -
Data Filtering
- ORCA outlier removal
CSV file creation
11AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
2.5 Workflows -
Data Analysis
12AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
2.6 Workflows -
Data Consolidation
- Calculation of final scores
13AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
3
Measures
14AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
3.1 Measures -
15AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
3.2 Measures -
16AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
Source Class : Source Method
- Categorization of flows
17AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
4
Evaluation
18AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
4.1 Evaluation -
Computational Complexity
Testbed configuration: - 8 CPU cores (x64)
- 80 GB RAM
- 3 hours runtime
Still insufficient memory and CPU
# There is insufficient memory for the Java Runtime Environment to continue. # Native memory allocation (malloc) failed to allocate 4088 bytes for AllocateHeap # Possible reasons: # The system is out of physical RAM or swap space # In 32 bit mode, the process size limit was hit
19AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
4.2 Evaluation -
Data Set
- Includes 2,800 benign apps
- Includes 15,097 malign apps
20AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
4.3 Evaluation -
MudFlow - Low-quality settings
21AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
4.4 Evaluation -
SVM Parameters
- Predicts each SuSi category count
- Comparison of measured and predicted value
Method "one-classifier" - Traditional classification model for novelty detection
- Settings from MudFlow
- Classifies measured values into "similar" or "not similar"
22AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
5
Results
23AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
5.1 Results -
24AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
5.2 Results -
25AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
5.3 Results -
26AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
6
Conclusions
27AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
6.1 Conclusions -
Real-World Applications
Behavorial anti-malware rankings
Malware evolution analysis
Malware trend prediction
28AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
6.2 Conclusions -
Future Work
Work on current analysis - Optimization of feature selection / SVM parameters
- More comprehensive source / sink lists
- Speed improvements
- Evaluation of in-app-string features
29AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
7
References
30AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps
7.1 References
"FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android
Apps", PLDI 2014, 2014
[2] S. D. Bay, M. Schwabacher
"Mining Distance-Based Outliers in Near Linear Time with Randomization and a Simple Pruning Rule",
Proceedings of The Ninth ACM SIGKDD International Conference on Knowledge Discovery and Data
Mining, 2003
https://www.st.cs.uni-saarland.de/appmining/mudflow/icse2015-mudflow.pdf
[4] Steven Arzt, Siegfried Rasthofer, and Eric Bodden
"SuSi: A tool for the fully automated classification and categorization of android sources and sinks",
Technical Report TUD-CS-2013-0114, EC SPRIDE, 2013
https://www.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_CASED/Publikationen/TUD-CS-2013-
0114.pdf
31AS2016 – Seminar SC – Detecting Potentially Malicious Behavior in Mobile Apps

FRAppE: Detecting Malicious Facebook Applicationsconferences.sigcomm.org/co-next/2012/eproceedings/conext/p313.pdf · FRAppE: Detecting Malicious Facebook Applications Md Sazzadur
Detecting Malicious SMB Activity Bro. | GIAC
FRAppE : Detecting Malicious Facebook Applications
FRAppE: Detecting Malicious Facebook Applicationsweb.eecs.umich.edu/~harshavm/papers/frappe_conext12.pdfFRAppE: Detecting Malicious Facebook Applications Md Sazzadur Rahman, Ting-Kai
Adaptively Detecting Malicious Queries in Web Attacks
Detecting malicious web pages with MonkeyWrench
Detecting Malicious Packet Losses - seminor topic
Intrusion Detection System for Detecting Malicious Nodes in …dspace.nitrkl.ac.in/dspace/bitstream/2080/1540/1/SKJENA...Intrusion Detection System for Detecting Malicious Nodes in
Detecting Malicious Accounts in Online Developer ...user.informatik.uni-goettingen.de/~ychen/papers/GitSec...Detecting Malicious Accounts in Online Developer Communities Using Deep
FRAppE: Detecting Malicious Facebook Applications fileFRAppE: Detecting Malicious Facebook Applications Md Sazzadur Rahman, Ting-Kai Huang, Harsha V. Madhyastha, and Michalis Faloutsos
Detecting malicious tampering in digital imagespacific.jour.auth.gr/wp-content/uploads/2017/11/Zampoglou.pdf · Detecting malicious tampering in digital images Markos Zampoglou -
Lessons from running potentially malicious code inside containers
Detecting Malicious Accounts in Social -Network -Based ... · Detecting Malicious Accounts in Social -Network -Based Online Promotions 1Dr M Praveen Kumar, Professor, Department of
Detecting Malicious Packet Losses PPT
DETECTING AND CHARACTERIZING MALICIOUS WEBSITES
Detecting malicious facebook applicationsi
DETECTING MALICIOUS USAGE OF ONLINE SOCIAL NETWORK
Detecting Malicious Routers - UCSD CSEamizrak/papers/dissertation07/Mizrak... · Chapter 5 Detecting Malicious Routers ... Transit packet byte counters ... tecting and Isolating Malicious
Guilt-by-Association: Detecting Malicious Entities via
Detecting malicious facebook applications
Detecting malicious network activity using flow data and
FRAppE: Detecting Malicious Facebook Applicationsrahmanm/papers/frappe.pdfFRAppE: Detecting Malicious Facebook Applications Md Sazzadur Rahman, Ting-Kai Huang, Harsha V. Madhyastha,
Detecting Malicious Social Bots Based on Clickstream Sequenceszzhang/papers/Detecting Malicious Social Bots ba… · INDEX TERMS Online social network, social bots, user behavior,
DETECTING MALICIOUS CLIENTS IN ISP NETWORKS USING …
A Survey on Detecting Malicious Facebook Applications using
Detecting Malicious Accounts in Online Developer ...ychen/papers/GitSec-CIKM… · Detecting Malicious Accounts in Online Developer Communities Using Deep Learning Qingyuan Gong1,2,
EvilCohort: Detecting Communities of Malicious Accounts on
FRAppE: Detecting Malicious Facebook Applicationsalumni.cs.ucr.edu/~rahmanm/papers/frappe.pdf · FRAppE: Detecting Malicious Facebook Applications Md Sazzadur Rahman, Ting-Kai Huang,
Detecting Malicious Packet Losses
RESEARCH Open Access Detecting unknown malicious code by
Detecting Malicious Apps on Online Social Network's
Detecting Malicious Js With Snort Razorback
PlatPal: Detecting Malicious Documents with Platform Diversity
Detecting Malicious Executables
Intrusion Detection System for Detecting Malicious Nodes in