Revisiting the description-to-behavior fidelity in android applications

L. Yu, Xiapu Luo, C.X. Qian, S. Wang

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

Abstract

Since more than 96% of mobile malware targets the Android platform, various techniques based on static code analysis or dynamic behavior analysis have been proposed to detect malicious applications. As malware becomes more complicated and stealthy, recent research has proposed a promising detection approach that looks for inconsistencies between an application's permissions and its description. In this paper, we revisit this approach and find that using description and permission leads to many false positives. Therefore, we propose employing an app's privacy policy and its bytecode to enhance description and permission for malware detection. It is non-trivial to automatically analyze a privacy policy and perform cross-verification among these four kinds of software artifacts: privacy policy, bytecode, description, and permissions. We propose a novel data flow model for analyzing privacy policies, and develop a novel system, named TAPVerifier, for investigating individual software artifacts and conducting the cross-verification. The experimental results show that TAPVerifier can analyze privacy policies with high accuracy and recall. More importantly, integrating privacy policy and code-level information removes 8.1%-65.5% of the false positives of existing systems based on description and permission.
Original language: English
Title of host publication: Lecture notes in computer science (including subseries Lecture notes in artificial intelligence and lecture notes in bioinformatics)
Publisher: Springer
Pages: 415-426
Number of pages: 12
ISBN (Electronic): 9781509018550
Publication status: Published - 2016
Event: IEEE International Conference on Software Analysis, Evolution, and Reengineering [SANER]
Duration: 1 Jan 2016 → …

Conference

Conference: IEEE International Conference on Software Analysis, Evolution, and Reengineering [SANER]
Period: 1/01/16 → …

Keywords

  • Description-to-Behavior Fidelity
  • Android Applications
  • Privacy Policy
  • Malware Detection

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science
