SLIDE 1

A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks

Siegfried Rasthofer, Steven Arzt, Eric Bodden

SLIDE 3

[Figure: sources and sinks feed a code analysis that reports potential privacy leaks]

Dynamic Approaches:

TaintDroid [OSDI’10], Aurasium [USENIX’12], “Dr. Android and Mr. Hide” [SPSM’12], etc.

Static Approaches:

SCanDroid [TR 09], DeD [SEC’11], CHEX [CCS’12], LeakMiner [WCSE’12], ScanDal [MoST’12], AndroidLeaks [TRUST’12], SAAF [SAC’13], FlowDroid [PLDI’14], etc.

SLIDE 4

...but wait

SLIDE 5

[Figure: sources and sinks feed a code analysis that reports potential privacy leaks]

SLIDE 6

[Table: columns Method, TaintDroid, SCanDroid, DeD; rows:]

  • Location.getLongitude()
  • Location.getLatitude()
  • Browser.getAllBookmarks()
  • SmsManager.sendTextMessage()
  • Log.d()
  • URL.openConnection()

?

SLIDE 7

Extracting Sources/Sinks

[Figure labels: Oracle; inputs Android API, GoogleGlass API, Chromecast API, ...; SuSi; outputs List of Sources and List of Sinks, each divided into Cat. 1, Cat. 2, ..., Cat. n]

SLIDE 8

Machine-Learning Approach

SLIDE 9

Feature-Database: Classification

[Figure: example features: returns a value, "getter", specific return type, modifier, dataflow to return]

SLIDE 10

Feature-Database: Classification

Feature-Categories:

  • Method name
  • Method has parameters
  • Method’s return type
  • Parameter type
  • Method modifiers
  • Modifiers of declaring class
  • Name of declaring class
  • Dataflow to return value
  • Dataflow from parameter to (abstract) sink
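
Several of the feature categories listed above can be computed from a method signature alone. The following is an added example, not SuSi's own code: the signature text format, the `Method` type, the six feature names and the sample signatures are assumptions chosen for illustration. "Modifiers of declaring class" and the two dataflow features are left out because they need the class declaration and the method body.

```python
import re
from dataclasses import dataclass

# Assumed input format: "<modifiers> <return type> <class>.<method>(<param types>)"
SIG = re.compile(r"^(?P<mods>(?:\w+\s+)*?)(?P<ret>[\w.\[\]]+)\s+"
                 r"(?P<cls>[\w.]+)\.(?P<name>\w+)\((?P<params>[^)]*)\)$")

@dataclass(frozen=True)
class Method:
    modifiers: frozenset
    return_type: str
    declaring_class: str
    name: str
    params: tuple

def parse_signature(sig):
    m = SIG.match(sig.strip())
    if m is None:
        raise ValueError(f"unparseable signature: {sig!r}")
    params = tuple(p.strip() for p in m["params"].split(",") if p.strip())
    return Method(frozenset(m["mods"].split()), m["ret"], m["cls"], m["name"], params)

def features(m):
    # One illustrative boolean per signature-level feature category.
    simple_class = m.declaring_class.rsplit(".", 1)[-1]
    return {
        "name_starts_with_get": m.name.startswith("get"),     # method name
        "has_parameters": bool(m.params),                     # method has parameters
        "returns_void": m.return_type == "void",              # method's return type
        "takes_string": "java.lang.String" in m.params,       # parameter type
        "is_static": "static" in m.modifiers,                 # method modifiers
        "class_name_has_manager": "Manager" in simple_class,  # name of declaring class
    }

# Constructed sample input: signatures for four methods named on the slides.
SAMPLES = [
    "public double android.location.Location.getLongitude()",
    "public void android.telephony.SmsManager.sendTextMessage(java.lang.String, "
    "java.lang.String, java.lang.String, android.app.PendingIntent, android.app.PendingIntent)",
    "public static int android.util.Log.d(java.lang.String, java.lang.String)",
    "public java.net.URLConnection java.net.URL.openConnection()",
]

def feature_matrix(signatures):
    # Rows of 0/1 values in a fixed column order, the shape a classifier consumes.
    rows = [features(parse_signature(s)) for s in signatures]
    columns = sorted(rows[0])
    return columns, [[int(r[c]) for c in columns] for r in rows]
```

`URL.openConnection()` comes out as an all-zero row under these six features, which shows why signature-level features alone are not enough and the dataflow features are part of the list.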

SLIDE 11

Feature-Database: Categorization

SMS/MMS, Location, Calendar, Contact, ...

SMS/MMS, Bluetooth, NFC, Email, Internet, ...

SLIDE 12

Evaluation

Ten-fold cross validation:

$$\text{Precision} = \frac{TP}{TP + FP}$$

$$\text{Recall} = \frac{TP}{TP + FN}$$

SLIDE 13

Evaluation

Manual validation:

  • Google Glass API: Precision: 98% and Recall: 100%
  • Google Chromecast API: Precision and Recall: 100%

SLIDE 14

Evaluation

SLIDE 15

Top Source/Sink Methods in Android-Malware

[Table: columns Method, TaintDroid, SCanDroid, DeD; rows:]

  • BluetoothAdapter.getAddress()
  • WifiInfo.getMacAddress()
  • Locale.getCountry()
  • WifiInfo.getSSID()
  • GsmCellLocation.getCid()
  • GsmCellLocation.getLac()
  • Location.getLongitude()
  • Location.getLatitude()
  • Browser.getAllBookmarks()
  • SmsManager.sendTextMessage()
  • Log.d()
  • URL.openConnection()

SLIDE 16

[Pie chart: 2 %, 5 %, 92 %; legend: Android 4.2 API, SuSi’s categorized sources, SuSi’s categorized sinks]

[Pie chart: 2 %, 98 %; legend: Newly discovered sources by SuSi, Previously known sources]

[Pie chart: 1 %, 99 %; legend: Newly discovered sinks by SuSi, Previously known sinks]

SLIDE 17

Open-Source on GitHub: https://github.com/secure-software-engineering/SuSi

Siegfried Rasthofer
Secure Software Engineering Group (EC-SPRIDE)
Email: siegfried.rasthofer@cased.de
Blog: http://sse-blog.ec-spride.de