
DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps



  1. DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps
     Shengqu Xi 1,*, Shao Yang 2,*, Xusheng Xiao 2, Yuan Yao 1, Yayuan Xiong 1, Fengyuan Xu 1, Haoyu Wang 3, Peng Gao 4, Zhuotao Liu 5, Feng Xu 1, Jian Lu 1
     1 Nanjing University
     2 Case Western Reserve University
     3 Beijing University of Posts and Telecommunications
     4 University of California, Berkeley
     5 University of Illinois at Urbana-Champaign
     * The first two authors contributed equally to this research
     DeepIntent - CCS 2019

  2. Outline
     • Background and Motivation
     • DeepIntent Approach
       – Icon Widget Analysis
       – Deep Icon-Behavior Learning
       – Detecting Intention-Behavior Discrepancy
     • Experiments
     • Conclusions


  4. Mobile Apps
     • Mobile apps are playing an increasingly important role
       – E.g., travel, education, business
     • Many apps access sensitive data to meet users’ needs
       – E.g., camera, location, microphone
     • However, malicious apps may also illegally collect sensitive data
       – E.g., exploiting users’ private resources for advertising

  5. Detecting Undesired Behaviors of Apps
     • Industry: permission-based access control [statista. 2017]
       – Cons: Difficult to decide when to use the permission
     • Research: undesired behavior patterns [Huang et al. USENIX Security’15, Nan et al. USENIX Security’15]
       – Cons: Only capture a fixed set of undesired behaviors
     Our observation: the UI intentions perceived by users and the undesired behaviors of apps are usually incompatible

  6. Intentions and Behaviors
     • App’s intentions to use sensitive data are often expressed via UI widgets
       – Mainly through icons and texts
     • App’s behaviors are performed by program executions
       – Thousands of APIs, but mainly summarized using permissions

  7. Detecting Intention-Behavior Discrepancy
     [Figure: UI widgets (icons, texts) with their intentions and behaviors; labels: "dial a number", "call", "timing", "filter"; permissions: CALL (✔), NONE]
     • What are the intentions expressed from icons and contextual texts?
     • What are the behaviors the apps really perform?
     • Are the behaviors compatible with the intentions?

  8. Challenges
     • C1: UI widgets’ intentions
       – Difficult for computers to understand
       – Lack of modeling joint semantics
     • C2: Program behaviors
       – Difficult for precise analysis
       – E.g., handlers, multi-threading, ICC
     • C3: Discrepancies
       – Difficult to correlate intentions and behaviors

  9. Insights
     • I1: The same type of sensitive behavior should have similar looks, e.g., to be evident to users
       – Deep learning to identify similar UI widgets
     • I2: Permission uses can be extracted by analyzing the source code of apps
       – Static analysis to map permissions to widgets
     • I3: Undesired behaviors usually contradict the specific looks users expect
       – Outlier analysis to detect undesired behaviors


  11. Overview of DeepIntent
     [Figure: DeepIntent overview. Icon Widget Analysis: Training APKs, Icon-Behavior Association, Contextual Text Extraction, Icon-Permission Mappings, Contextual Texts for Icons. Deep Icon-Behavior Learning: Icon-Behavior Model. Detecting Intention-Behavior Discrepancy: APK, Behavior Prediction, Outlier Detection, Predicted Permission Use, Abnormal Permission Use.]

  12. Overview of DeepIntent
     [Figure: DeepIntent overview, repeated]
     • Phase 1: Icon Widget Analysis
       – Program analysis to extract features (i.e., icons and texts) and labels (i.e., permission uses) of icon widgets

  13. Overview of DeepIntent
     [Figure: DeepIntent overview, repeated]
     • Phase 2: Deep Icon-Behavior Learning
       – Training icon-behavior model based on both icons and their contextual texts, and the corresponding behaviors, i.e., permission uses

  14. Overview of DeepIntent
     [Figure: DeepIntent overview, repeated]
     • Phase 3: Detecting Intention-Behavior Discrepancy
       – Predicts permission uses for icon widgets, and detects abnormal permission uses

  15. Phase 1: Icon-Behavior Analysis
     [Figure: Phase 1 workflow over an APK; boxes: Icon-Widget Association, Extended Call Graph Construction, Icon-Widget-API Association, API Permission Checking]
     • Icon-Widget Association
     • Extended Call Graph Construction
     • API Permission Checking
     • Contextual Texts Extraction for Icons

  16. Icon-Widget Association
     • Associate the UI widgets with icons, i.e., drawable objects
       – Layout file: XML parsing
       – Source code: data flow analysis
     • Adopt static analysis [Xiao et al. ICSE’19] to associate icons and UI widgets
     [Figure: UI layout, UI widget, icon]

  17. Extended Call Graph Construction
     • Associate the UI widgets with behaviors, i.e., API calls
       – Build call graph and patch missing links
     [Figure: UI widget, links]
     Implicit caller and callee pairs captured, except for ICC methods

  18. API Permission Checking
     • Adopt PScout mapping [Kathy et al. CCS’12]
     • Output the association between each icon and a set of permissions
     • Allow one-to-many mapping
       – An icon can invoke one or more sensitive APIs
       – A sensitive API maps to multiple permissions
     [Figure: example permissions CALL, CAMERA, MICROPHONE]

  19. Contextual Texts Extraction for Icons
     • Similar icons may reflect different intentions in different UI contexts
     • Contextual texts
       – Layout texts contained in the XML layout files
       – Icon-embedded texts
       – Resource names split by variable naming conventions
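The Phase 1 steps on slides 16 to 19, as an added sketch that is not the authors' tool: it walks an extended call graph from each icon widget's handler, unions the permissions of the sensitive APIs it reaches, and splits the widget's resource name into contextual words. The app, its methods, the icon names and the API-to-permission excerpt are constructed for illustration and are not PScout's data.

```python
import re
from collections import deque

# Constructed PScout-style excerpt (API -> permissions); not the real mapping file.
API_PERMS = {
    "android.telephony.SmsManager.sendTextMessage": {"SEND_SMS"},
    "android.hardware.Camera.open": {"CAMERA"},
    "android.location.LocationManager.getLastKnownLocation":
        {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
}
# Constructed call graph of a hypothetical app: caller -> callees.
CALL_GRAPH = {
    "ShareActivity.onSendClick": ["ShareActivity.buildMsg", "java.lang.Thread.start"],
    "ShareActivity$Worker.run": [
        "android.telephony.SmsManager.sendTextMessage",
        "android.location.LocationManager.getLastKnownLocation"],
    "ShareActivity.onTimerClick": ["ShareActivity.startTimer"],
}
# Implicit caller/callee pairs a plain call graph misses (the patched links).
# Simplified: a real analysis resolves the target per call site.
IMPLICIT_EDGES = {"java.lang.Thread.start": ["ShareActivity$Worker.run"]}
# Output of icon-widget association: drawable -> (widget resource name, handler).
ICON_WIDGETS = {
    "ic_paper_plane.png": ("btnSendSms", "ShareActivity.onSendClick"),
    "ic_clock.png": ("btn_start_timer", "ShareActivity.onTimerClick"),
}

def reachable_permissions(handler):
    """BFS over the extended call graph; union permissions of sensitive APIs."""
    seen, queue, perms = {handler}, deque([handler]), set()
    while queue:
        method = queue.popleft()
        perms |= API_PERMS.get(method, set())
        for callee in CALL_GRAPH.get(method, []) + IMPLICIT_EDGES.get(method, []):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return perms

def split_resource_name(name):
    """Split snake_case / camelCase resource names into lowercase words."""
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", name).replace("_", " ")
    return [word.lower() for word in spaced.split()]

def analyze(icon_widgets):
    """Return icon -> (contextual words, permission label set)."""
    return {icon: (split_resource_name(res), reachable_permissions(handler))
            for icon, (res, handler) in icon_widgets.items()}

if __name__ == "__main__":
    for icon, (words, perms) in analyze(ICON_WIDGETS).items():
        print(icon, words, sorted(perms) or ["NONE"])
```

Without the implicit `Thread.start` edge the send button would be labelled with no permissions, which is why the call graph has to be extended before labels are assigned.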

  20. Phase 2: Deep Icon-Behavior Learning
     [Figure: icon and text inputs, Icon Feature Extraction, Text Feature Extraction, Feature Combination, behavior learning and prediction of permissions]
     • Icon Feature Extraction
     • Text Feature Extraction
     • Feature Combination
     • Training Icon-Behavior Model

  21. Icon Feature Extraction
     • CNNs, e.g., DenseNet [Huang et al. CVPR’17], are successfully used in image recognition and model the icons
     • Adopt DenseNet with 4 channels (RGBA)
       – 4 dense blocks and 3 transition layers
       – Resize icons to 128 * 128
       – Output with 16 * 16 regions
     [Figure: DenseNet; Input Icon $u$, Convolution, (Dense Block, Transition Layer) ×3, Dense Block, output $f$]
     $f_u = \mathrm{DenseNet}(u)$

  22. Text Feature Extraction
     • RNNs [Yang et al. NAACL’16] have been successfully applied in various natural language tasks, e.g., textual classification
     • Bidirectional RNNs
       – Embed each word into a vector with 100 dimensions
       – Adopt GRU neurons
       – Max length is 20
     [Figure: Input Text $v$ ("send", "sms", "normal", "text"), Embedding, Bidirectional RNN, output $f$]
     $\overrightarrow{h}_i = \mathrm{GRU}(v_i, \overrightarrow{h}_{i-1})$
     $\overleftarrow{h}_i = \mathrm{GRU}(v_i, \overleftarrow{h}_{i-1})$
     $h_i = [\overrightarrow{h}_i, \overleftarrow{h}_i]$
     $f_v = [h_1, h_2, \dots, h_N]$

  23. Feature Combination
     • Intuition
       – Icon and its text could be semantically correlated
       – Simultaneously updating the icon features and the text features can capture the correlations
     • Co-Attention [Lu et al. NeurIPS’16, Zhang et al. AAAI’19]
       – Compute correlation matrix
       – Transfer the features for each other
     [Figure: Icon Feature and Text Feature, Co-Attention, correlation matrix $C$]
     $C = \tanh(f_v^{T} W_c f_u)$
     $H_u = \tanh(W_u f_u + W_v f_v C)$
     $a_u = \mathrm{softmax}(W_h H_u)$
     $\hat{f}_u = \sum_{i=1}^{M} a_u^{i} f_u^{i}$
     $\hat{f} = \hat{f}_u + \hat{f}_v$
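The co-attention step of slide 23 carried through on small matrices, as an added example that is not the authors' implementation: it computes the correlation matrix, the attention weights over icon regions and over words, and the combined feature. It uses plain Python lists so it runs without dependencies. The random weights stand in for learned parameters, the hidden size `k` is an assumption, and the text-side attention mirrors the icon-side formula by symmetry.

```python
import math
import random

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def transpose(A):
    return [list(col) for col in zip(*A)]

def tanh_add(A, B):
    return [[math.tanh(x + y) for x, y in zip(ra, rb)] for ra, rb in zip(A, B)]

def softmax(v):
    exps = [math.exp(x - max(v)) for x in v]
    return [e / sum(exps) for e in exps]

def rand(rows, cols, rng):
    return [[rng.uniform(-0.5, 0.5) for _ in range(cols)] for _ in range(rows)]

def attend(F, F_other, W, W_other, w_h, C):
    """H = tanh(W F + W_other F_other C); a = softmax(w_h H); pooled = sum_i a^i F^i."""
    H = tanh_add(matmul(W, F), matmul(matmul(W_other, F_other), C))
    a = softmax(matmul(w_h, H)[0])
    return a, [sum(a_i * x for a_i, x in zip(a, row)) for row in F]

def co_attention(f_u, f_v, k=4, seed=0):
    """f_u: d x M icon-region features, f_v: d x N word features (one column per item)."""
    rng = random.Random(seed)                       # stand-in for learned weights
    d = len(f_u)
    W_c, W_u, W_v = rand(d, d, rng), rand(k, d, rng), rand(k, d, rng)
    w_hu, w_hv = rand(1, k, rng), rand(1, k, rng)   # one attention vector per side
    corr = matmul(matmul(transpose(f_v), W_c), f_u)
    C = [[math.tanh(x) for x in row] for row in corr]                # N x M
    a_u, fu_hat = attend(f_u, f_v, W_u, W_v, w_hu, C)                # icon side
    a_v, fv_hat = attend(f_v, f_u, W_v, W_u, w_hv, transpose(C))     # text side
    return a_u, a_v, [x + y for x, y in zip(fu_hat, fv_hat)]

if __name__ == "__main__":
    rng = random.Random(1)
    icon, text = rand(3, 5, rng), rand(3, 2, rng)   # constructed features
    a_u, a_v, f_hat = co_attention(icon, text)
    print("region weights", [round(x, 3) for x in a_u])
    print("word weights", [round(x, 3) for x in a_v])
    print("combined feature", [round(x, 3) for x in f_hat])
```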
