Characterizing malicious Android apps by mining topic-specific data flow signatures

Context: State-of-the-art works on automated detection of Android malware have leveraged app descriptions to spot anomalies w.r.t the functionality implemented, or have used data flow information as a feature to discriminate malicious from benign apps. Although these works have yielded promising performance, we hypothesize that these performances can be improved by a better understanding of malicious behavior. Objective: To characterize malicious apps, we take into account both information on app descriptions, which are indicative of apps’ topics, and information on sensitive data flow, which can be relevant to discriminate malware from benign apps. Method: In this paper, we propose a topic-specific approach to malware comprehension based on app descriptions and data-flow information. First, we use an advanced topic model, adaptive LDA with GA, to cluster apps according to their descriptions. Then, we use information gain ratio of sensitive data flow information to build so-called “topic-specific data flow signatures”. Results: We conduct an empirical study on 3691 benign and 1612 malicious apps. We group them into 118 topics and generate topic-specific data flow signature. We verify the effectiveness of the topic-specific data flow signatures by comparing them with the overall data flow signature. In addition, we perform a deeper analysis on 25 representative topic-specific signatures and yield several implications. Conclusion: Topic-specific data flow signatures are efficient in highlighting the malicious behavior, and thus can help in characterizing malware

Low-Coders, No-Coders, and Citizen Developers in Demand: Examining Knowledge, Skills, and Abilities Through a Job Market Analysis

The emergence of low-code/no-code (LCNC) platform technologies and the resulting increase in citizen development programs are facilitating the democratization of the design, development, and deployment of digital solutions. Citizen developers, non-technical employees who leverage LCNC platforms, are at the heart of this trend. While many firms perceive LCNC and citizen development as a crucial component of their digital transformation strategy, little is known about the evolving roles in this field or the necessary knowledge, skills, and abilities (KSA). To address this knowledge gap, we processed 113,106 job postings published on Indeed.com. Our topic modeling methodology identified 34 KSA topics and classified them into the three domains platform, business, and technology. We contribute to research by empirically demonstrating which competencies are required to successfully work in the LCNC field. Our findings can guide individual professionals and organizations alike