Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users' permission, but many of them only a...
详细信息
ISBN:
(纸本)9798350329964
Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users' permission, but many of them only ask for it once-when the user uses the app for the first time-and then they keep and abuse the given permissions. Longing to enhance Android permission security and users' private data protection is the driving factor behind our approach to explore fine-grained context-sensitive permission usage analysis and thereby identify misuses in Android apps. In this work, we propose an approach for classifying the fine-grained permission uses for each functionality of Android apps that a user interacts with. Our approach, named DROIDGEM, relies on mainly three technical components to provide an in-context classification for permission (mis)uses by Android apps for each functionality triggered by users: (1) static inter-procedural control-flowgraphs and call graphs representing each functionality in an app that may be triggered by users' or systems' events through UI-linked event handlers, (2) graph embedding techniques converting graph structures into numerical encoding, and (3) supervised machine learning models classifying (mis)uses of permissions based on the embedding. We have implemented a prototype of DROIDGEM and evaluated it on 89 diverse apps. The results show that DROIDGEM can accurately classify whether permission used by the functionality of an app triggered by a UI-linked event handler is a misuse in relation to manually verified decisions, with up to 95% precision and recall. We believe that such a permission classification mechanism can be helpful in providing fine-grained permission notices in a context related to app users' actions, and improving their awareness of (mis)uses of permissions and private data in Android apps.
To exploit instruction level parallelism in programs over multiple basic blocks, programs should have reducible control flow graphs. However not all programs satisfy this property. A new method, called controlled Node...
详细信息
The malware detection methods are classified into two categories, namely, dynamic analysis (active analysis) and static analysis (passive analysis). These methods undergo unusual obstruction, and challenges that are p...
详细信息
The malware detection methods are classified into two categories, namely, dynamic analysis (active analysis) and static analysis (passive analysis). These methods undergo unusual obstruction, and challenges that are process complexity, limitation over detection accuracy. The static method serves to discover malicious applications using various parameters like permission analysis, signature verification. It can be regularly obfuscated. Dynamic techniques entail investigating the performance of an application by administering it in a restricted environment. The complex version of a portable executable often emerges with an intervention by hardening the dynamic analysis centric malware detection methods. The various constraints of these dynamic and static models contribute to this manuscript represents a Multi-Level Malware detection using Triad Scale (MLMTS) built on regression coefficients. The proposed method MLMTS spans into three levels, such that the first and second level performs static analysis, and the third level performs the dynamic analysis. The second and third levels of the hierarchy invoke upon the ambiguous decision of their respective predecessor level. The proposed work is based on the Machine Learning (ML) model that determines the triad scale by applying linear regression for each level of malware detection. The call sequences of the portable executable, arguments passed to these call sequences and their fallouts (resultant values) in respective order of three levels of the MLMTS method. The experimental study manifests the significance of the proposal compared to the other recent malware detection methods.
An algorithm is given for finding where the variables of a program are active or live. While the algorithm is modeled after that of Kennedy, it is based on the flow graph straightening procedure of Earnest, Balke, and...
详细信息
An algorithm is given for finding where the variables of a program are active or live. While the algorithm is modeled after that of Kennedy, it is based on the flow graph straightening procedure of Earnest, Balke, and Anderson, rather than on Cocke-Allen intervals. Thus it can be applied to any program, without appeal to any additional mechanism such as node splitting.
Source code similarity are increasingly used in application development to identify clones, isolate bugs, and find copy-rights violations. Similar code fragments can be very problematic due to the fact that errors in ...
详细信息
Source code similarity are increasingly used in application development to identify clones, isolate bugs, and find copy-rights violations. Similar code fragments can be very problematic due to the fact that errors in the original code must be fixed in every copy. Other maintenance changes, such as extensions or patches, must be applied multiple times. Furthermore, the diversity of coding styles and flexibility of modern languages makes it difficult and cost ineffective to manually inspect large code repositories. Therefore, detection is only feasible by automatic techniques. We present an efficient and scalable approach for similar code fragment identification based on source code control flow graphs fingerprinting. The source code is processed to generate control flow graphs that are then hashed to create a unique fingerprint of the code capturing semantics as well as syntax similarity. The fingerprints can then be efficiently stored and retrieved to perform similarity search between code fragments. Experimental results from our prototype implementation supports the validity of our approach and show its effectiveness and efficiency in comparison with other solutions.
Software Testing is the most time consuming activity in the software development lifecycle. It is impossible to test everything. Hence, several automated test data generation techniques have been introduced in recent ...
详细信息
ISBN:
(纸本)9781509014903
Software Testing is the most time consuming activity in the software development lifecycle. It is impossible to test everything. Hence, several automated test data generation techniques have been introduced in recent times in order to reduce the effort spent during testing. Search based techniques have been found to be more efficient than normal or random testing. In this paper, we propose to demonstrate the designing framework, implementation and explore the capabilities of a tool to aid in the generation of test data. Our tool is based on generating the optimal set of test cases based on the user defined coverage criteria. We have implemented the system in C++ language and have restricted ourselves to the use of command line interface. We provide the path as well as the test cases generated to the tester making his work of testing a lot easier.
暂无评论