Improving Logic Bomb Identification in Android Apps via Context-Aware Anomaly Detection
Authors: 
Marco Alecci, 
Jordan Samhi, 
Li Li, Tegawendé F. Bissyandé, 
Jacques KleinAuthors Info & Claims
Marco Alecci, Jordan Samhi, Li Li, Tegawendé F. Bissyandé, Jacques KleinAuthors Info & ClaimsPages 4735 - 4753
Abstract
One prominent tactic used to keep malicious behavior from being detected during dynamic test campaigns is <italic>logic bombs</italic>, where malicious operations are triggered only when specific conditions are satisfied. Defusing logic bombs remains an unsolved problem in the literature. In this work, we propose to investigate Suspicious Hidden Sensitive Operations (SHSOs) as a step toward triaging logic bombs. To that end, we develop a novel hybrid approach that combines static analysis and context-aware anomaly detection techniques to uncover SHSOs, which we predict as likely implementations of logic bombs. Concretely, <sc>Difuzer++</sc> identifies SHSO entry-points using an instrumentation engine and conducting an inter-procedural data-flow analysis. Subsequently, it extracts trigger-specific features to characterize SHSOs. To detect abnormal triggers, we utilize multiple One-Class SVM models, each trained on distinct sets of similar apps to more effectively capture normal behavior patterns. To assess the added value of the context-aware analysis, we compare <sc>Difuzer++</sc> against a baseline approach with no context (that we name <sc>Difuzer</sc>). We show that the context-aware analysis leads to a significant improvement in both the precision and F1 score. Furthermore, the probability of successfully triaging logic bombs among SHSOs increases from 29.7% to 58.8%. All our artifacts are released to the community.
References
[1]
IDC, Smartphone market share. Accessed: Jan., 2021. [Online]. Available: https://www.idc.com/promo/smartphone-market-share/os
[2]
C. Cimpanu, Play store identified as main distribution vector for most android malware. Accessed: Feb., 2021. [Online]. Available: https://www.zdnet.com
[3]
K. Allix, T. F. Bissyandé, J. Klein, and Y. Le Traon, “Androzoo: Collecting millions of android apps for the research community,” in Proc. 13th Int. Conf. Mining Softw. Repositories, 2016, pp. 468–471. [Online]. Available: http://doi.acm.org/10.1145/2901739.2903508
[4]
V. Total, “Virus total free online virus, malware and url scanner,” 2020. [Online]. Available: https://www.virustotal.com/en
[5]
H. Fereidooni, M. Conti, D. Yao, and A. Sperduti, “Anastasia: Android malware detection using static analysis of applications,” in Proc. 8th IFIP Int. Conf. New Technol. Mobility Secur., 2016, pp. 1–5.
[6]
H. Kang, J. wook Jang, A. Mohaisen, and H. K. Kim, “Detecting and classifying android malware using static analysis along with creator information,” Int. J. Distrib. Sensor Netw., vol. 11, no. 6, 2015, Art. no. [Online]. Available: https://doi.org/10.1155/2015/479174
[7]
Y. Fratantonio, A. Bianchi, W. Robertson, E. Kirda, C. Kruegel, and G. Vigna, “Triggerscope: Towards detecting logic bombs in android applications,” in Proc. IEEE Symp. Secur. Privacy, 2016, pp. 377–396.
[8]
D. Papp, L. Buttyán, and Z. Ma, “Towards semi-automated detection of trigger-based behavior for software security assurance,” in Proc. 12th Int. Conf. Availability Rel. Secur., 2017, pp. 1–6.
[9]
Q. Zhao, C. Zuo, B. Dolan-Gavitt, G. Pellegrino, and Z. Lin, “Automatic uncovering of hidden behaviors from input validation in mobile apps,” in Proc. IEEE Symp. Secur. Privacy, 2020, pp. 1106–1120.
[10]
J. Samhi et al., “Jucify: A step towards android code unification for enhanced static analysis,” in Proc. IEEE/ACM 44th Int. Conf. Softw. Eng., 2022, pp. 1232–1244. [Online]. Available: https://doi.ieeecomputersociety.org/10.1145/3510003.3512766
[11]
T. Petsas, G. Voyatzis, E. Athanasopoulos, M. Polychronakis, and S. Ioannidis, “Rage against the virtual machine: Hindering dynamic analysis of android malware,” in Proc. ACM 7th Eur. Workshop Syst. Secur., 2014. [Online]. Available: https://doi.org/10.1145/2592791.2592796
[12]
V. Van Der Veen, H. Bos, and C. Rossow, “Dynamic analysis of android malware,” Internet Web Technol., Master thesis, VU Univ. Amsterdam, 2013. [Online]. Available: https://www.vvdveen.com/publications/MSc.pdf
[13]
C. Zheng et al., “Smartdroid: An automatic system for revealing UI-based trigger conditions in android applications,” in Proc. 2nd ACM Workshop Secur. Privacy Smartphones Mobile Devices, 2012, pp. 93–104.
[14]
L. Xu, D. Zhang, N. Jayasena, and J. Cavazos, “HADM: Hybrid analysis for detection of malware,” in Proc. SAI Intell. Syst. Conf., Y. Bi, S. Kapoor, and R. Bhatia, Eds. Berlin, Germany, Springer International Publishing, 2018, pp. 702–724.
[15]
M. Choudhary and B. Kishore, “Haamd: Hybrid analysis for android malware detection,” in Proc. Int. Conf. Comput. Commun. Inform., 2018, pp. 1–4.
[16]
D. Brumley, C. Hartwig, Z. Liang, J. Newsome, D. Song, and H. Yin, “Automatically identifying trigger-based behavior in malware,” in Botnet Detection. Berlin, Germany: Springer, 2008, pp. 65–88.
[17]
J. Sahs and L. Khan, “A machine learning approach to android malware detection,” in Proc. Eur. Intell. Secur. Inform. Conf., 2012, pp. 141–147.
[18]
N. Peiravian and X. Zhu, “Machine learning for android malware detection using permission and API calls,” in Proc. IEEE 25th Int. Conf. Tools Artif. Intell., 2013, pp. 300–305.
[19]
S. Dong et al., “Understanding android obfuscation techniques: A large-scale investigation in the wild,” in Security and Privacy in Communication Networks, R. Beyah, B. Chang, Y. Li, and S. Zhu Eds., Berlin, Germany: Springer International Publishing, 2018, pp. 172–192.
[20]
E. Erturk, “A case study in open source software security and privacy: Android adware,” in Proc. IEEE World Congr. Internet Secur., 2012, pp. 189–191.
[21]
H. Pieterse and M. S. Olivier, “Android botnets on the rise: Trends and characteristics,” in Proc. IEEE Inf. Secur. South Afr., 2012, pp. 1–5.
[22]
T. Yang, Y. Yang, K. Qian, D. C.-T. Lo, Y. Qian, and L. Tao, “Automated detection and analysis for android ransomware,” in Proc. IEEE 17th Int. Conf. High Perform. Comput. Commun., IEEE 7th Int. Symp. Cyberspace Saf. Secur., IEEE 12th Int. Conf. Embedded Softw. Syst., 2015, pp. 1338–1343.
[23]
M. H. Saad, A. Serageldin, and G. I. Salama, “Android spyware disease and medication,” in Proc. IEEE 2nd Int. Conf. Inf. Secur. Cyber Forensics, 2015, pp. 118–125.
[24]
Y. Zhou and X. Jiang, “Dissecting android malware: Characterization and evolution,” in Proc. IEEE Symp. Secur. Privacy, 2012, pp. 95–109.
[25]
W. Zhou, X. Zhang, and X. Jiang, “Appink: Watermarking android apps for repackaging deterrence,” in Proc. 8th ACM SIGSAC Symp. Inf. Comput. Commun. Secur., 2013, pp. 1–12. [Online]. Available: https://doi.org/10.1145/2484313.2484315
[26]
L. Li, T. F. Bissyande, and J. Klein, “Rebooting research on detecting repackaged android apps: Literature review and benchmark,” IEEE Trans. Softw. Eng., vol. 47, no. 4, pp. 676–693, Apr. 2021.
[27]
L. Li, T. F. Bissyandé, and J. Klein, “Simidroid: Identifying and explaining similarities in android apps,” in Proc. IEEE Trustcom/BigDataSE/ICESS, 2017, pp. 136–143.
[28]
O. Gadyatskaya, A.-L. Lezza, and Y. Zhauniarovich, “Evaluation of resource-based app repackaging detection in android,” in Secure IT Systems, B. B. Brumley and J. Röning, Eds., Berlin, Germany: Springer International Publishing, 2016, pp. 135–151.
[29]
H. G. Rice, “Classes of recursively enumerable sets and their decision problems,” Trans. Amer. Math. Soc., vol. 74, no. 2, pp. 358–366, 1953. [Online]. Available: http://www.jstor.org/stable/1990888
[30]
H. Agrawal et al., “Detecting hidden logic bombs in critical infrastructure software,” in Proc. Int. Conf. Inf. Warfare Secur. Academic Conf. Int. Limited, 2012, pp. 1–11.
[31]
X. Pan, X. Wang, Y. Duan, X. Wang, and H. Yin, “Dark hazard: Learning-based, large-scale discovery of hidden sensitive operations in android apps,” in Proc. Netw. Distrib. Syst. Secur. Symp., 2017, pp. 1–15.
[32]
Y. Fratantonio, A. Bianchi, W. Robertson, E. Kirda, C. Kruegel, and G. Vigna, “Triggerscope: Towards detecting logic bombs in android applications,” in Proc. IEEE Symp. Secur. Privacy, 2016, pp. 377–396.
[33]
A. Gorla, I. Tavecchia, F. Gross, and A. Zeller, “Checking app behavior against app descriptions,” in Proc. ACM 36th Int. Conf. Softw. Eng., 2014, pp. 1025–1035. [Online]. Available: https://doi.org/10.1145/2568225.2568276
[34]
X. Yang, D. Lo, L. Li, X. Xia, T. F. Bissyandé, and J. Klein, “Characterizing malicious android apps by mining topic-specific data flow signatures,” Inf. Softw. Technol., vol. 90, pp. 27–39, 2017. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S095058491730366X
[35]
J. Samhi, L. Li, T. F. Bissyande, and J. Klein, “Difuzer: Uncovering suspicious hidden sensitive operations in android apps,” in Proc. IEEE/ACM 44th Int. Conf. Softw. Eng., 2022, pp. 723–735. [Online]. Available: https://doi.ieeecomputersociety.org/10.1145/3510003.3510135
[36]
V. Chandola, A. Banerjee, and V. Kumar, “Anomaly detection: A survey,” ACM Comput. Surv., vol. 41, no. 3, pp. 1–58, Jul. 2009. [Online]. Available: https://doi.org/10.1145/1541880.1541882
[37]
B. Schölkopf, J. C. Platt, J. Shawe-Taylor, A. J. Smola, and R. C. Williamson, “Estimating the support of a high-dimensional distribution,” Neural Comput., vol. 13, no. 7, pp. 1443–1471, 2001. [Online]. Available: https://doi.org/10.1162/089976601750264965
[38]
D. M. Blei, A. Y. Ng, and M. I. Jordan, “Latent dirichlet allocation,” J. Mach. Learn. Res., vol. 3, pp. 993–1022, 2003. [Online]. Available: http://portal.acm.org/citation.cfm?id=944937
[39]
J. B. MacQueen, “Some methods for classification and analysis of multivariate observations,” in Proc. 5th Berkeley Symp. Math. Statist. Probability, 1967, pp. 281–297.
[40]
O. Topgul, Android malware evasion techniques - emulator detection. Accessed: Dec., 2020. [Online]. Available: https://www.oguzhantopgul.com/2014/12/android-malware-evasion-techniques.html
[41]
S. Alexander-Bown, Android security: Adding tampering detection to your app. Accessed: Feb., 2021. [Online]. Available: https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app#4–1-emulator
[42]
H. Dharmdasani, Android.hehe: Malware now disconnects phone calls. Accessed: Dec., 2020. [Online]. Available: https://www.fireeye.com/blog/threat-research/2014/01/android-hehe-malware-now-disconnects-phone-calls.html
[43]
T. Micro, Hacking team spying tool listens to calls. Accessed: Feb., 2021. [Online]. Available: https://www.trendmicro.com
[44]
S. Arzt, S. Rasthofer, and E. Bodden, “Susi: A tool for the fully automated classification and categorization of android sources and sinks,” Univ. of Darmstadt, Tech. Rep. TUDCS-2013–0114, 2013.
[45]
L. Luo, E. Bodden, and J. Späth, “A qualitative analysis of android taint-analysis results,” in Proc. 34th IEEE/ACM Int. Conf. Automated Softw. Eng., 2019, pp. 102–114.
[46]
Y. Nan, Z. Yang, X. Wang, Y. Zhang, D. Zhu, and M. Yang, “Finding clues for your secrets: Semantics-driven, learning-based privacy discovery in mobile apps,” in Proc. Netw. Distrib. Syst. Secur. Symp., 2018, pp. 1–15.
[47]
M. Junaid, D. Liu, and D. Kung, “Dexteroid: Detecting malicious behaviors in android apps using reverse-engineered life cycle models,” Comput. Secur., vol. 59, pp. 92–117, 2016.
[48]
M. Stone, “The path to the payload: Android edition,” 2019. Accessed: Dec., 2020. [Online]. Available: https://cfp.recon.cx/reconmtl2019/talk/TMHQGV/
[49]
C. Gibler, J. Crussell, J. Erickson, and H. Chen, “AndroidLeaks: Automatically detecting potential privacy leaks in android applications on a large scale,” in Trust and Trustworthy Computing, S. Katzenbeisser, E. Weippl, L. J. Camp, M. Volkamer, M. Reiter, and X. Zhang, Eds., Berlin, Germany: Springer, 2012, pp. 291–307.
[50]
S. Arzt et al., “FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps,” SIGPLAN Not., vol. 49, no. 6, pp. 259–269, Jun. 2014. [Online]. Available: https://doi.org/10.1145/2666356.2594299
[51]
F. Wei, S. Roy, X. Ou, and D. Robby, “Amandroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2014, pp. 1329–1341. [Online]. Available: https://doi.org/10.1145/2660267.2660357
[52]
R. Vallee-Rai and L. J. Hendren, “Jimple: Simplifying java bytecode for analyses and transformations,” McGill University, Tech. Rep., 1998.
[53]
R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, and V. Sundaresan, “Soot: A Java bytecode optimization framework,” in Proc. CASCON 1st Decade High Impact Papers, 2010, pp. 214–224. [Online]. Available: https://doi.org/10.1145/1925805.1925818
[54]
M. Alecci, J. Samhi, T. F. Bissyandé, and J. Klein, “Revisiting android app categorization,” 2023,.
[55]
W. Martin, F. Sarro, Y. Jia, Y. Zhang, and M. Harman, “A survey of app store analysis for software engineering,” IEEE Trans. Softw. Eng., vol. 43, no. 9, pp. 817–847, Sep. 2017.
[56]
A. Gorla, I. Tavecchia, F. Gross, and A. Zeller, “Checking app behavior against app descriptions,” in Proc. Int. Conf. Softw. Eng., 2014, pp. 292–302.
[57]
D. Surian, S. Seneviratne, A. Seneviratne, and S. Chawla, “App miscategorization detection: A case study on Google play,” IEEE Trans. Knowl. Data Eng., vol. 29, no. 8, pp. 1591–1604, Aug. 2017.
[58]
OpenAI, 2022. [Online]. Available: https://openai.com/blog/introducing-text-and-code-embeddings
[59]
OpenAI, 2023. [Online]. Available: https://github.com/openai/openai-cookbook/blob/main/examples/How_to_count_tokens_with_tiktoken.ipynb
[60]
Google play scraper library, 2019. [Online]. Available: https://pypi.org/project/google-play-scraper/
[61]
Langdetect library, 2015. [Online]. Available: https://pypi.org/project/langdetect/
[62]
S. Ma, S. Wang, D. Lo, R. H. Deng, and C. Sun, “Active semi-supervised approach for checking app behavior against its description,” in Proc. IEEE 39th Annu. Comput. Softw. Appl. Conf., 2015, pp. 179–184.
[63]
C. Zhang, H. Wang, R. Wang, Y. Guo, and G. Xu, “Re-checking app behavior against app description in the context of third-party libraries,” in Proc. Int. Conf. Softw. Eng. Knowl. Eng., 2018, pp. 665–710.
[64]
F. Pedregosa et al., “Scikit-learn: Machine learning in Python,” J. Mach. Learn. Res., vol. 12, pp. 2825–2830, 2011.
[65]
J. D. Team, “Joblib: Running python functions as pipeline jobs,” 2020. [Online]. Available: https://joblib.readthedocs.io/
[66]
S. B. Kotsiantis, I. Zaharakis, and P. Pintelas, “Supervised machine learning: A review of classification techniques,” Emerg. Artif. Intell. Appl. Comput. Eng., vol. 160, no. 1, pp. 3–24, 2007.
[67]
V. N. Vapnik, “An overview of statistical learning theory,” IEEE Trans. Neural Netw., vol. 10, no. 5, pp. 988–999, Sep. 1999.
[68]
H. Xu, C. Caramanis, and S. Mannor, “Robustness and regularization of support vector machines,” J. Mach. Learn. Res., vol. 10, no. 7, pp. 1485–1510, 2009.
[69]
Y. Chen, X. S. Zhou, and T. S. Huang, “One-class SVM for learning in image retrieval,” in Proc. Int. Conf. Image Process., 2001, pp. 34–37.
[70]
L. Li et al., “Understanding android app piggybacking: A systematic study of malicious code grafting,” IEEE Trans. Inf. Forensics Secur., vol. 12, no. 6, pp. 1269–1284, Jun. 2017.
[71]
S. Alam, Z. Qu, R. Riley, Y. Chen, and V. Rastogi, “Droidnative: Automating and optimizing detection of android native code malware variants,” Comput. Secur., vol. 65, pp. 230–246, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S016740481630164X
[72]
S. Rasthofer, I. Asrar, S. Huber, and E. Bodden, “How current android malware seeks to evade automated code analysis,” in Information Security Theory and Practice, R. N. Akram and S. Jajodia, Eds., Berlin, Germany: Springer International Publishing, 2015, pp. 187–202.
[73]
M. Zheng, M. Sun, and J. C. S. Lui, “DroidTrace: A ptrace based android dynamic analysis system with forward execution capability,” in Proc. Int. Wirel. Commun. Mobile Comput. Conf., 2014, pp. 128–133.
[74]
K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: Analyzing the android permission specification,” in Proc. ACM Conf. Comput. Commun. Secur., 2012, pp. 217–228. [Online]. Available: https://doi.org/10.1145/2382196.2382222
[75]
L. Li et al., “Static analysis of android apps: A systematic literature review,” Inf. Softw. Technol., vol. 88, pp. 67–95, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0950584917302987
[76]
O. Lhoták and L. Hendren, “Scaling java points-to analysis using spark,” in Compiler Construction, G. Hedin, Ed., Berlin, Germany: Springer, 2003, pp. 153–169.
[77]
L. Li, T. F. Bissyandé, J. Klein, and Y. L. Traon, “An investigation into the use of common libraries in android apps,” in Proc. IEEE 23rd Int. Conf. Softw. Anal. Evol. Reengineering, 2016, pp. 403–414.
[78]
K. Chen et al., “Following devil's footprints: Cross-platform analysis of potentially harmful libraries on android and IoS,” in Proc. IEEE Symp. Secur. Privacy, 2016, pp. 357–376.
[79]
J. Samhi and A. Bartel, “On the (in)effectiveness of static logic bomb detector for android apps,” in IEEE Trans. Dependable Secure Comput., Aug. 2021. [Online]. Available: https://ieeexplore.ieee.org/document/9524530
[80]
L. Li, T. F. Bissyandé, D. Octeau, and J. Klein, “Droidra: Taming reflection to support whole-program analysis of android apps,” in Proc. 25th Int. Symp. Softw. Testing Anal., 2016, pp. 318–329.
[81]
Y. Xue et al., “Auditing anti-malware tools by evolving android malware and dynamic loading technique,” IEEE Trans. Inf. Forensics Secur., vol. 12, no. 7, pp. 1529–1544, Jul. 2017.
[82]
P. Maiya, A. Kanade, and R. Majumdar, “Race detection for android applications,” ACM SIGPLAN Notices, vol. 49, no. 6, pp. 316–325, 2014.
[83]
C.-M. Lin, J.-H. Lin, C.-R. Dow, and C.-M. Wen, “Benchmark dalvik and native code for android system,” in Proc. IEEE 2nd Int. Conf. Innov. Bio-Inspired Comput. Appl., 2011, pp. 320–323.
[84]
X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario, “Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware,” in Proc. IEEE Int. Conf. Dependable Syst. Netw. FTCS DCC, 2008, pp. 177–186.
[85]
D. Shi, X. Tang, and Z. Ye, “Detecting environment-sensitive malware based on taint analysis,” in Proc. IEEE 8th Int. Conf. Softw. Eng. Serv. Sci., 2017, pp. 322–327.
[86]
X. Jia, G. Zhou, Q. Huang, W. Zhang, and D. Tian, “FindEvasion: An effective environment-sensitive malware detection system for the cloud,” in Proc. Int. Conf. Digit. Forensics Cyber Crime, Springer, 2017, pp. 3–17.
[87]
M. Lindorfer, C. Kolbitsch, and P. M. Comparetti, “Detecting environment-sensitive malware,” in Proc. Int. Workshop Recent Adv. Intrusion Detection, Springer, 2011, pp. 338–357.
[88]
D. Kirat, G. Vigna, and C. Kruegel, “Barecloud: Bare-metal analysis-based evasive malware detection,” in Proc. 23rd USENIX Secur. Symp., 2014, pp. 287–301.
[89]
D. Balzarotti, M. Cova, C. Karlberger, E. Kirda, C. Kruegel, and G. Vigna, “Efficient detection of split personalities in malware,” in Proc. Netw. Distrib. Syst. Secur. Symp., Citeseer, 2010, pp. 1–16.
[90]
L. Bello and M. Pistoia, “Ares: Triggering payload of evasive android malware,” in Proc. IEEE/ACM 5th Int. Conf. Mobile Softw. Eng. Syst., 2018, pp. 2–12.
[91]
V. Avdiienko et al., “Mining apps for abnormal usage of sensitive data,” in Proc. IEEE/ACM 37th IEEE Int. Conf. Softw. Eng., 2015, pp. 426–436.
[92]
I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, “Crowdroid: Behavior-based malware detection system for android,” in Proc. 1st ACM Workshop Secur. Privacy Smartphones Mobile Devices, 2011, pp. 15–26.
[93]
M. Lindorfer, M. Neugschwandtner, L. Weichselbaum, Y. Fratantonio, V. Van Der Veen, and C. Platzer, “Andrubis–1,000,000 apps later: A view on current android malware behaviors,” in Proc. IEEE 3rd Int. Workshop Building Anal. Datasets Gathering Experience Returns Secur., 2014, pp. 3–17.
[94]
K. Tam, S. J. Khan, A. Fattori, and L. Cavallaro, “Copperdroid: Automatic reconstruction of android malware behaviors,” in Proc. Netw. Distrib. Syst. Secur. Symp., 2015.
[95]
A. Mahindru and P. Singh, “Dynamic permissions based android malware detection using machine learning techniques,” in Proc. 10th Innov. Softw. Eng. Conf., 2017, pp. 202–210.
[96]
J. Sahs and L. Khan, “A machine learning approach to android malware detection,” in Proc. IEEE Eur. Intell. Secur. Inform. Conf., 2012, pp. 141–147.
[97]
N. McLaughlin et al., “Deep android malware detection,” in Proc. 7th ACM Conf. Data Appl. Secur. Privacy, 2017, pp. 301–308.
[98]
Y. Feng, S. Anand, I. Dillig, and A. Aiken, “Apposcopy: Semantics-based detection of android malware through static analysis,” in Proc. 22nd ACM SIGSOFT Int. Symp. Found. Softw. Eng., 2014, pp. 576–587.
[99]
L. Li et al., “IccTA: Detecting inter-component privacy leaks in android apps,” in Proc. IEEE/ACM 37th IEEE Int. Conf. Softw. Eng., 2015, pp. 280–291.
[100]
J. Samhi, A. Bartel, T. F. Bissyande, and J. Klein, “RAICC: Revealing atypical inter-component communication in android apps,” in Proc. IEEE/ACM 43rd Int. Conf. Softw. Eng., 2021, pp. 1398–1409. [Online]. Available: https://doi.ieeecomputersociety.org/10.1109/ICSE43902.2021.00126
[101]
W. Enck et al., “TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones,” ACM Trans. Comput. Syst., vol. 32, no. 2, pp. 1–29, 2014.
Index Terms
- Improving Logic Bomb Identification in Android Apps via Context-Aware Anomaly Detection
Index terms have been assigned to the content through auto-classification.
Recommendations
Context-aware Trajectory Anomaly Detection
GeoAnomalies '24: Proceedings of the 1st ACM SIGSPATIAL International Workshop on Geospatial Anomaly DetectionTrajectory anomaly detection is crucial for effective decision-making in urban and human mobility management. Existing methods of trajectory anomaly detection generally focus on training a trajectory generative model and evaluating the likelihood of ...
Robust Anomaly Detection and Localization via Simulated Anomalies
VRCAI '22: Proceedings of the 18th ACM SIGGRAPH International Conference on Virtual-Reality Continuum and its Applications in IndustryAnomaly detection refers to identifying abnormal images and localizing anomalous regions. Reconstruction-based anomaly detection is a commonly used method; however, traditional reconstruction-based methods perform poorly as deep models generalize ...
Pixel-Level Anomaly Detection via Uncertainty-aware Prototypical Transformer
MM '22: Proceedings of the 30th ACM International Conference on MultimediaPixel-level visual anomaly detection, which aims to recognize the abnormal areas from images, plays an important role in industrial fault detection and medical diagnosis. However, it is a challenging task due to the following reasons: i) the large ...
Comments
Information & Contributors
Information
Published In
© 2024 The Authors. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
Publisher
IEEE Computer Society Press
Washington, DC, United States
Publication History
Published: 26 January 2024
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 06 Jan 2025