4,204 research outputs found
Security Code Smells in Android ICC
Android Inter-Component Communication (ICC) is complex, largely
unconstrained, and hard for developers to understand. As a consequence, ICC is
a common source of security vulnerability in Android apps. To promote secure
programming practices, we have reviewed related research, and identified
avoidable ICC vulnerabilities in Android-run devices and the security code
smells that indicate their presence. We explain the vulnerabilities and their
corresponding smells, and we discuss how they can be eliminated or mitigated
during development. We present a lightweight static analysis tool on top of
Android Lint that analyzes the code under development and provides just-in-time
feedback within the IDE about the presence of such smells in the code.
Moreover, with the help of this tool we study the prevalence of security code
smells in more than 700 open-source apps, and manually inspect around 15% of
the apps to assess the extent to which identifying such smells uncovers ICC
security vulnerabilities.Comment: Accepted on 28 Nov 2018, Empirical Software Engineering Journal
(EMSE), 201
Eight years of rider measurement in the Android malware ecosystem: evolution and lessons learned
Despite the growing threat posed by Android malware,
the research community is still lacking a comprehensive
view of common behaviors and trends exposed by malware families
active on the platform. Without such view, the researchers
incur the risk of developing systems that only detect outdated
threats, missing the most recent ones. In this paper, we conduct
the largest measurement of Android malware behavior to date,
analyzing over 1.2 million malware samples that belong to 1.2K
families over a period of eight years (from 2010 to 2017). We
aim at understanding how the behavior of Android malware
has evolved over time, focusing on repackaging malware. In
this type of threats different innocuous apps are piggybacked
with a malicious payload (rider), allowing inexpensive malware
manufacturing.
One of the main challenges posed when studying repackaged
malware is slicing the app to split benign components apart from
the malicious ones. To address this problem, we use differential
analysis to isolate software components that are irrelevant to the
campaign and study the behavior of malicious riders alone. Our
analysis framework relies on collective repositories and recent
advances on the systematization of intelligence extracted from
multiple anti-virus vendors. We find that since its infancy in
2010, the Android malware ecosystem has changed significantly,
both in the type of malicious activity performed by the malicious
samples and in the level of obfuscation used by malware to avoid
detection. We then show that our framework can aid analysts
who attempt to study unknown malware families. Finally, we
discuss what our findings mean for Android malware detection
research, highlighting areas that need further attention by the
research community.Accepted manuscrip
A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization
Existing Android malware detection approaches use a variety of features such
as security sensitive APIs, system calls, control-flow structures and
information flows in conjunction with Machine Learning classifiers to achieve
accurate detection. Each of these feature sets provides a unique semantic
perspective (or view) of apps' behaviours with inherent strengths and
limitations. Meaning, some views are more amenable to detect certain attacks
but may not be suitable to characterise several other attacks. Most of the
existing malware detection approaches use only one (or a selected few) of the
aforementioned feature sets which prevent them from detecting a vast majority
of attacks. Addressing this limitation, we propose MKLDroid, a unified
framework that systematically integrates multiple views of apps for performing
comprehensive malware detection and malicious code localisation. The rationale
is that, while a malware app can disguise itself in some views, disguising in
every view while maintaining malicious intent will be much harder.
MKLDroid uses a graph kernel to capture structural and contextual information
from apps' dependency graphs and identify malice code patterns in each view.
Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted
combination of the views which yields the best detection accuracy. Besides
multi-view learning, MKLDroid's unique and salient trait is its ability to
locate fine-grained malice code portions in dependency graphs (e.g.,
methods/classes). Through our large-scale experiments on several datasets
(incl. wild apps), we demonstrate that MKLDroid outperforms three
state-of-the-art techniques consistently, in terms of accuracy while
maintaining comparable efficiency. In our malicious code localisation
experiments on a dataset of repackaged malware, MKLDroid was able to identify
all the malice classes with 94% average recall
The hidden image of mobile apps : geographic, demographic, and cultural factors in mobile usage
Peer reviewe
Stack Overflow in Github: Any Snippets There?
When programmers look for how to achieve certain programming tasks, Stack
Overflow is a popular destination in search engine results. Over the years,
Stack Overflow has accumulated an impressive knowledge base of snippets of code
that are amply documented. We are interested in studying how programmers use
these snippets of code in their projects. Can we find Stack Overflow snippets
in real projects? When snippets are used, is this copy literal or does it
suffer adaptations? And are these adaptations specializations required by the
idiosyncrasies of the target artifact, or are they motivated by specific
requirements of the programmer? The large-scale study presented on this paper
analyzes 909k non-fork Python projects hosted on Github, which contain 290M
function definitions, and 1.9M Python snippets captured in Stack Overflow.
Results are presented as quantitative analysis of block-level code cloning
intra and inter Stack Overflow and GitHub, and as an analysis of programming
behaviors through the qualitative analysis of our findings.Comment: 14th International Conference on Mining Software Repositories, 11
page
- …