Towards Automatic Generation of Security-Centric Descriptions for Android Apps

Zhang, Mu; Duan, Yue; Qian, Feng; Yin, Heng

doi:10.1145/2810103.2813669

Cited by 54 publications

(32 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2015, Zhang et al [251] argued that the descriptions given to apps contain insufficient security information. The authors presented the DescribeMe system, which generates security-centric descriptions using static analysis.…”

Section: Vulnerabilitymentioning

confidence: 99%

A Survey of App Store Analysis for Software Engineering

Martin

Sarro

Jia

et al. 2017

IIEEE Trans. Software Eng.

338

242

View full text Add to dashboard Cite

App Store Analysis studies information about applications obtained from app stores. App stores provide a wealth of information derived from users that would not exist had the applications been distributed via previous software deployment methods. App Store Analysis combines this non-technical information with technical information to learn trends and behaviours within these forms of software repositories. Findings from App Store Analysis have a direct and actionable impact on the software teams that develop software for app stores, and have led to techniques for requirements engineering, release planning, software design, security and testing. This survey describes and compares the areas of research that have been explored thus far, drawing out common aspects, trends and directions future research should take to address open problems and challenges.

show abstract

Section: Vulnerabilitymentioning

confidence: 99%

A Survey of App Store Analysis for Software Engineering

Martin

Sarro

Jia

et al. 2017

IIEEE Trans. Software Eng.

338

242

View full text Add to dashboard Cite

show abstract

“…Zhang et al [17] developed a novel approach that can use the result of static program analysis to automatically produce security-centric android application descriptions. Yu et al [18] designed AutoPPG to automatically generate correct and readable privacy policy for Android applications by applying natural language processing techniques on the result of static code analysis.…”

Section: Text Generationmentioning

confidence: 99%

Automatically Generating Malware Analysis Reports Using Sandbox Logs

Sun

Fujino

Mori

et al. 2018

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Bo SUN †, † †a) , Member, Akinori FUJINO † †b) , Nonmember, Tatsuya MORI † †, † † †c) , Member, Tao BAN †d) , Nonmember, Takeshi TAKAHASHI †e) , and Daisuke INOUE †f) , Members SUMMARY Analyzing a malware sample requires much more time and cost than creating it. To understand the behavior of a given malware sample, security analysts often make use of API call logs collected by the dynamic malware analysis tools such as a sandbox. As the amount of the log generated for a malware sample could become tremendously large, inspecting the log requires a time-consuming effort. Meanwhile, antivirus vendors usually publish malware analysis reports (vendor reports) on their websites. These malware analysis reports are the results of careful analysis done by security experts. The problem is that even though there are such analyzed examples for malware samples, associating the vendor reports with the sandbox logs is difficult. This makes security analysts not able to retrieve useful information described in vendor reports. To address this issue, we developed a system called AMAR-Generator that aims to automate the generation of malware analysis reports based on sandbox logs by making use of existing vendor reports. Aiming at a convenient assistant tool for security analysts, our system employs techniques including template matching, API behavior mapping, and malicious behavior database to produce concise human-readable reports that describe the malicious behaviors of malware programs. Through the performance evaluation, we first demonstrate that AMAR-Generator can generate human-readable reports that can be used by a security analyst as the first step of the malware analysis. We also demonstrate that AMAR-Generator can identify the malicious behaviors that are conducted by malware from the sandbox logs; the detection rates are up to 96.74%, 100%, and 74.87% on the sandbox logs collected in 2013, 2014, and 2015, respectively. We also present that it can detect malicious behaviors from unknown types of sandbox logs.

show abstract

“…Asavoae et al describe techniques for detecting collusion of Android malware applications based on their permissions [11], but do not address the detection of attacks from a networking perspective. Similarly, Zhang et al rely on the Android permissions for automatically generating security centric descriptions of applications [12], but also do not consider the validation of networking aspects. Mariconti et al detect malware by building Markov models of the applications, but this approach requires downloading and executing the byte code of the application [13].…”

Section: Related Workmentioning

confidence: 99%

Generation of SDN policies for protecting android environments based on automata learning

Schnepf

Badonnel

Lahmadi

et al. 2018

NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

Software-defined networking offers new opportunities for protecting end users and their applications. In that context, dedicated chains can be built to combine different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. To configure these security chains, it is important to have an adequate model of the patterns that end user applications exhibit when accessing the network. We propose an automated strategy for learning the networking behavior of end applications using algorithms for generating finite state models. These models can be exploited for inferring SDN policies ensuring that applications respect the observed behavior: such policies can be formally verified and deployed on SDN infrastructures in a dynamic and flexible manner. Our solution is prototypically implemented as a collection of Python scripts that extend our Synaptic verification package. The performance of our strategy is evaluated through extensive experimentations and is compared to the Synoptic and Invarimint automata learning algorithms.

show abstract

Towards Automatic Generation of Security-Centric Descriptions for Android Apps

Cited by 54 publications

References 27 publications

A Survey of App Store Analysis for Software Engineering

A Survey of App Store Analysis for Software Engineering

Automatically Generating Malware Analysis Reports Using Sandbox Logs

Generation of SDN policies for protecting android environments based on automata learning

Contact Info

Product

Resources

About