47 research outputs found
Towards generating transformation rules without examples for android API replacement
National Research Foundation (NRF) Singapore
Automatic Android deprecated-API usage update by learning from single updated example
National Research Foundation (NRF) Singapore
Automated deprecated-API usage update for Android apps: How far are we?
National Research Foundation (NRF) Singapore; ANR ITrans project
Restoring Execution Environments of Jupyter Notebooks
More than ninety percent of published Jupyter notebooks do not state
dependencies on external packages. This makes them non-executable and thus
hinders reproducibility of scientific results. We present SnifferDog, an
approach that 1) collects the APIs of Python packages and versions, creating a
database of APIs; 2) analyzes notebooks to determine candidates for required
packages and versions; and 3) checks which packages are required to make the
notebook executable (and ideally, reproduce its stored results). In its
evaluation, we show that SnifferDog precisely restores execution environments
for the vast majority of notebooks, making them immediately executable for
end users.
Comment: to be published in the 43rd ACM/IEEE International Conference on
Software Engineering (ICSE 2021).
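A first step any such tool must perform is recovering which packages a notebook actually imports. The sketch below is a hypothetical illustration of that step, not SnifferDog's actual implementation: it parses each code cell of a notebook's JSON with Python's ast module and collects the top-level module names.

```python
import ast
import json

def imported_modules(notebook_path):
    """Collect top-level module names imported by a notebook's code cells."""
    with open(notebook_path) as f:
        nb = json.load(f)
    modules = set()
    for cell in nb.get("cells", []):
        if cell.get("cell_type") != "code":
            continue
        source = "".join(cell.get("source", []))
        try:
            tree = ast.parse(source)
        except SyntaxError:
            continue  # skip cells containing magics or invalid syntax
        for node in ast.walk(tree):
            if isinstance(node, ast.Import):
                modules.update(alias.name.split(".")[0] for alias in node.names)
            elif isinstance(node, ast.ImportFrom) and node.module:
                modules.add(node.module.split(".")[0])
    return sorted(modules)
```

Matching these module names against a database of package APIs and versions, as the abstract describes, would then be the next step.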
Characterizing Deprecated Deep Learning Python APIs: An Empirical Study on TensorFlow
TensorFlow is a widely used machine learning platform, with millions of people using it to create and train models. It is available in a variety of programming languages, including Python, Java, C++, and JavaScript, among which Python is the most commonly used. Along with TensorFlow's evolution, new Python APIs are introduced, while others may be deprecated. Although the characteristics of deprecated APIs in traditional software frameworks such as Android have been extensively researched in recent years, little attention has been paid to how deprecated APIs in TensorFlow evolve and what impact this has on deep learning. In this thesis, we conducted an empirical study on deprecated Python APIs in TensorFlow. Our study analyzed 20 TensorFlow releases spanning versions 1.0 to 2.3 to investigate API deprecation and its causes. In addition, we studied projects containing 12 popular deep learning models to identify deprecated API usage. Finally, to investigate the potential impact of deprecated APIs on deep learning models, we manually updated the deprecated APIs in these projects and compared model accuracy before and after updating. Our research seeks to provide developers with insight into how TensorFlow's deprecated APIs evolve, help them understand why APIs become deprecated, and clarify the implications for their models of leaving deprecated API usage in place.
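One generic way to surface deprecated-API usage at run time, independent of the thesis's own methodology, is to record the DeprecationWarnings emitted while exercising a piece of model code. A minimal, hypothetical sketch:

```python
import warnings

def deprecation_messages(fn, *args, **kwargs):
    """Run fn and return the DeprecationWarning messages it emitted."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")  # do not suppress repeated warnings
        fn(*args, **kwargs)
    return [str(w.message) for w in caught
            if issubclass(w.category, DeprecationWarning)]
```

Libraries such as TensorFlow typically announce deprecations through warnings like these, so a wrapper of this kind can flag candidate call sites before a static or manual update pass.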
GAINDroid: General Automated Incompatibility Notifier for Android Applications
With the ever-increasing popularity of mobile devices over the last decade, mobile apps and the frameworks upon which they are built frequently change. This rapid evolution leads to a confusing jumble of devices and applications utilizing differing features even within the same framework. For Android apps and devices, representing over 80% of the market share, mismatches between the version of the Android operating system installed on a device and the version of the app installed can lead to run-time crashes, providing a poor user experience.
This thesis presents GAINDroid, an analysis approach, backed by a classloader-based program analyzer, that automatically detects three types of mismatches to which an app may be vulnerable across the versions of the Android API it supports. Unlike prior techniques that focus on identifying a particular problem, such as callback API issues, GAINDroid has the potential to greatly increase the scope of the analysis by automatically and effectively analyzing various sources of incompatibilities that may lead an app to crash at run-time. We applied GAINDroid to 3,590 real-world apps and compared the results of our analysis against state-of-the-art tools. The experimental results demonstrate its ability to outperform existing analysis techniques in terms of both the number and type of mismatches correctly identified and the run-time performance of the analysis.
Adviser: Hamid Bagheri
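The core API-level mismatch check can be illustrated with a small sketch. The data model here is hypothetical, not GAINDroid's actual analysis: given the API levels at which each framework method was added or removed, it flags calls that fall outside the range implied by an app's minSdkVersion.

```python
def api_mismatches(used_apis, min_sdk, api_levels):
    """Flag framework APIs that an app uses but that were introduced after
    its minSdkVersion, or removed at or below it.

    api_levels maps an API name to an (added, removed) pair of API levels,
    with None meaning "never removed" or "level unknown".
    """
    issues = []
    for api in used_apis:
        added, removed = api_levels.get(api, (None, None))
        if added is not None and added > min_sdk:
            issues.append((api, "introduced in API %d but minSdkVersion is %d"
                           % (added, min_sdk)))
        if removed is not None and removed <= min_sdk:
            issues.append((api, "removed in API %d" % removed))
    return issues
```

A real analyzer must also account for run-time guards (e.g. Build.VERSION checks) before reporting such a call as a crash risk, which is part of what makes precise detection hard.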
Explainable AI for Android Malware Detection: Towards Understanding Why the Models Perform So Well?
Machine learning (ML)-based Android malware detection has been one of the
most popular research topics in the mobile security community. An increasing
number of research studies have demonstrated that machine learning is an
effective and promising approach for malware detection, and some works have
even claimed that their proposed models could achieve 99% detection accuracy,
leaving little room for further improvement. However, numerous prior studies
have suggested that unrealistic experimental designs bring substantial biases,
resulting in over-optimistic performance in malware detection. Unlike previous
research that examined the detection performance of ML classifiers to locate
the causes, this study employs Explainable AI (XAI) approaches to explore what
ML-based models learned during the training process, inspecting and
interpreting why ML-based malware classifiers perform so well under unrealistic
experimental settings. We discover that temporal sample inconsistency in the
training dataset brings over-optimistic classification performance (up to 99%
F1 score and accuracy). Importantly, our results indicate that ML models
classify malware based on temporal differences between malware and benign samples,
rather than the actual malicious behaviors. Our evaluation also confirms the
fact that unrealistic experimental designs lead to not only unrealistic
detection performance but also poor reliability, posing a significant obstacle
to real-world applications. These findings suggest that XAI approaches should
be used to help practitioners and researchers better understand how AI/ML models
(e.g., malware detectors) work, rather than focusing solely on accuracy improvement.
Comment: Accepted by the 33rd IEEE International Symposium on Software
Reliability Engineering (ISSRE 2022).
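The temporal sample inconsistency described above is commonly mitigated with a time-aware split: every training sample must predate every test sample, so the classifier cannot exploit dataset-collection artifacts that correlate with time. A minimal sketch of such a split (illustrative only, not the paper's code):

```python
def temporal_split(samples, train_ratio=0.8):
    """Split (timestamp, features, label) samples chronologically so that
    all training samples predate all test samples, avoiding temporal leakage."""
    ordered = sorted(samples, key=lambda s: s[0])
    cut = int(len(ordered) * train_ratio)
    return ordered[:cut], ordered[cut:]
```

By contrast, a random split mixes old and new samples across train and test sets, which is one of the unrealistic experimental designs the study identifies.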
Mining Android Crash Fixes in the Absence of Issue- and Change-Tracking Systems
Android apps are prone to crash. This often arises from the misuse of Android framework APIs, which makes crashes harder to debug since the official Android documentation does not thoroughly discuss potential exceptions. Recently, the program repair community has also started to investigate the possibility of fixing crashes automatically. Current results, however, apply to limited example cases. In both scenarios, the main issue is the need for more example data to drive the fix process, given the high cost in time and effort of collecting and identifying fix examples. In this work, we propose a scalable approach, CraftDroid, to mine crash fixes by leveraging a set of 28 thousand carefully reconstructed app lineages from app markets, without the need for app source code or issue reports. We developed a replicative testing approach that locates fixes among app versions that output different runtime logs for the exact same test inputs. Overall, we have mined 104 relevant crash fixes and further abstracted 17 fine-grained fix templates that are demonstrated to be effective for patching crashed APKs. Finally, we release ReCBench, a benchmark consisting of 200 crashed APKs and their crash replication scripts, which the community can use to evaluate patches generated for crash-inducing bugs.
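The replicative-testing idea, replaying identical test inputs on each version in a lineage and comparing the resulting crash logs, can be sketched as follows (hypothetical data model, not CraftDroid's implementation): a version in which a previously observed crash signature disappears is a candidate fix.

```python
def candidate_fix_versions(lineage_logs):
    """Given an ordered list of (version, crash_signatures) pairs obtained by
    replaying identical test inputs on each app version, flag transitions
    where a previously observed crash signature disappears (a candidate fix).
    """
    fixes = []
    prev_version, prev_crashes = None, set()
    for version, crashes in lineage_logs:
        resolved = prev_crashes - set(crashes)
        if prev_version is not None and resolved:
            fixes.append((prev_version, version, sorted(resolved)))
        prev_version, prev_crashes = version, set(crashes)
    return fixes
```

Holding the test inputs constant across versions is what lets the log difference be attributed to a code change rather than to nondeterministic exploration.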
Demystifying security and compatibility issues in Android Apps
Never before has any OS been as popular as Android. Existing mobile phones
are not simply devices for making phone calls and receiving SMS messages, but
powerful communication and entertainment platforms for web surfing, social
networking, etc. Even though the Android OS offers powerful communication and
application execution capabilities, it is riddled with defects (e.g., security
risks, and compatibility issues), new vulnerabilities come to light daily, and
bugs cost the economy tens of billions of dollars annually. For example,
malicious apps (e.g., back-doors, fraud apps, ransomware, and spyware) are
reported [Google, 2022] to exhibit malicious behaviours, including stealing
private data and installing unwanted programs. To counteract these threats, many
works have been proposed that rely on static analysis techniques to detect such
issues. However, static techniques alone are not sufficient to detect
such defects precisely: they are likely to yield false positives, as static
analysis has to make some trade-offs when handling complicated cases (e.g.,
object-sensitive vs. object-insensitive). In addition, static analysis
techniques will also likely suffer from soundness issues because some
complicated features (e.g., reflection, obfuscation, and hardening) are
difficult to handle [Sun et al., 2021b, Samhi et al., 2022].
Comment: Thesis