AutoCog

Qu, Zhengyang; Rastogi, Vaibhav; Zhang, Xinyi; Chen, Yan; Zhu, Tiantian; Chen, Zhong

doi:10.1145/2660267.2660287

Cited by 150 publications

(13 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a combination of static code inspection and text analysis, Watanabe et al [14] present a keyword-based technique to correlate access to privacy-relevant resources with app descriptions. AutoCog [10] correlates permission-related API calls with frequently occurring text fragments. As a result, semantic patterns are derived that can provide an insight into why Android apps request certain permissions.…”

Section: Related Workmentioning

confidence: 99%

Code Between the Lines: Semantic Analysis of Android Applications

Feichtner

Gruber

2020

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Static and dynamic program analysis are the key concepts researchers apply to uncover security-critical implementation weaknesses in Android applications. As it is often not obvious in which context problematic statements occur, it is challenging to assess their practical impact. While some flaws may turn out to be bad practice but not undermine the overall security level, others could have a serious impact. Distinguishing them requires knowledge of the designated app purpose. In this paper, we introduce a machine learning-based system that is capable of generating natural language text describing the purpose and core functionality of Android apps based on their actual code. We design a dense neural network that captures the semantic relationships of resource identifiers, string constants, and API calls contained in apps to derive a high-level picture of implemented program behavior. For arbitrary applications, our system can predict precise, human-readable keywords and short phrases that indicate the main use-cases apps are designed for. We evaluate our solution on 67,040 real-world apps and find that with a precision between 69% and 84% we can identify keywords that also occur in the developer-provided description in Google Play. To avoid incomprehensible black box predictions, we apply a model explaining algorithm and demonstrate that our technique can substantially augment inspections of Android apps by contributing contextual information.

show abstract

Section: Related Workmentioning

confidence: 99%

Code Between the Lines: Semantic Analysis of Android Applications

Feichtner

Gruber

2020

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

show abstract

“…Another model, AutoCog proposed by Qu et al [3] is based on explicit semantic analysis (ESA) which provides a vectoral representation of a given text, thereby giving a representation of the meaning in the text. The model uses vectoral representations of app descriptions to assess their semantic relatedness to permissions.…”

Section: Related Workmentioning

confidence: 99%

“…If the selected sentence is related to the relevant permission group, it is labeled as 1; if not, it is labeled as 0. Unlike previous studies in the literature [3], [6], AC-Net labelled application descriptions according to permission groups rather than single permission. 9 of these permission groups are belong to dangerous permissions.…”

Section: Modelmentioning

confidence: 99%

“…In this study, a new approach based on NLP and recurrent neural networks (RNNs) is employed in order to fnd inconsistencies between the requested permissions of an application and its metadata. This problem is known as description-tofdelity problem [3] in the literature. Permissions [4] is one of the important security mechanisms introduced by Android, so users have to grant dangerous permissions before their usage.…”

Section: Introduction Mobile Devices Have Become Inevitable Part Of Our Livesmentioning

confidence: 99%

“…We use Porter stemmer[17] 2. https://dynet.readthedocs.io/en/latest/tutorial.html3 The implementation will be publicly available if the paper gets accepted.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Discovering Inconsistencies between Requested Permissions and Application Metadata by using Deep Learning

Alecakir

Kabukçu

Can

et al. 2020

2020 International Conference on Information Security and Cryptology (ISCTURKEY)

View full text Add to dashboard Cite

Android gives us opportunity to extract meaningful information from metadata. From the security point of view, the missing important information in metadata of an application could be a sign of suspicious application, which could be directed for extensive analysis. Especially the usage of dangerous permissions is expected to be explained in app descriptions. The permission-to-description fdelity problem in the literature aims to discover such inconsistencies between the usage of permissions and descriptions. This study proposes a new method based on natural language processing and recurrent neural networks. The effect of user reviews on fnding such inconsistencies is also investigated in addition to application descriptions. The experimental results show that high precision is obtained by the proposed solution, and the proposed method could be used for triage of Android applications.

show abstract

Measuring the risk value of sensitive dataflow path in Android applications

Feng

2016

Security Comm Networks

View full text Add to dashboard Cite

Nowadays, smartphones carry large amounts of user privacy and sensitive data. With the popularity of the Android operating system, the cases of sensitive date leakage in Android applications are on the rise and are causing a great loss to Android users. In order to mitigate this condition, static and dynamic taint analysis are applied to precisely detect sensitive data leakages. These approaches cannot distinguish sensitive data leakages in benign apps from the ones in malicious apps. Recently, the difference on sensitive data flows between benign apps and malicious apps has been found to be significant. In this paper, we further find that there exists great difference between benign and malicious apps on the frequencies of sensitive dataflow paths. This difference can be used to enforce a risk value over every sensitive dataflow path. This risk value can guide the identification of sensitive data leakages in malicious apps. We present RISKPATH, a tool that automatically calculates the risk values for sensitive dataflow paths in Android applications. Applying the result of RISKPATH to MUDFLOW framework, we increase the true positive rate of malware detection by 3.96–6.54% on different datasets with reasonable increase in time and memory consumption. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

AutoCog

Cited by 150 publications

References 16 publications

Code Between the Lines: Semantic Analysis of Android Applications

Code Between the Lines: Semantic Analysis of Android Applications

Discovering Inconsistencies between Requested Permissions and Application Metadata by using Deep Learning

Measuring the risk value of sensitive dataflow path in Android applications

Contact Info

Product

Resources

About