neural augmented static analysis of android communication
play

Neural-Augmented Static Analysis of Android Communication Jinman - PowerPoint PPT Presentation

Dec 15, 2023 •452 likes •850 views

Neural-Augmented Static Analysis of Android Communication Jinman Zhao , Aws Albarghouthi, Vaibhav Rastogi, Somesh Jha, Damien Octeau University of Wisconsin-Madison, Google Use machine learning Key Idea to refine results from static

  1. Neural-Augmented Static Analysis of Android Communication Jinman Zhao , Aws Albarghouthi, Vaibhav Rastogi, Somesh Jha, Damien Octeau University of Wisconsin-Madison, Google

  2. Use machine learning Key Idea to refine results from static analysis.

  3. Static Analysis: False Positives Program & Property Static Analyzer Must True Unsure... Must False False Positives Ranking problem

  4. Machine Learning to Augment Program & Property Static Analyzer Must True Likelihood ∈ [0, 1] Unsure... Must False Train Model Predict

  5. Link Inference for Android Communication Inter-Component Communication Links Program & Property Static Analyzer Must True May Must False Must True Likelihood ∈ [0, 1] Must False Links Links Links Train Model Predict

  6. Task Link Inference in Android Communication

  7. Android ICC: A User’s Experience (xxx) xxx-xxxx Restaurant Malicious APP 1234 Alice St. Orlando, FL Send a message I’d like to make a reservation ... Inter-Component Intent Component Communication w/ Filter

  8. Android ICC: An Example Code View (part of) the resolution logic Intent ICC link? Yes! Filter

  9. (Bigger part of) the resolution logic (Octeau et al., POPL’16)

  10. Previous Work: PRIMO PRIMO (Octeau et al., POPL’16) uses a hand-crafted ● probabilistic model that assigns probabilities to ICC links inferred by static analysis. Laborious, error-prone and requiring expert domain knowledge. ○ Difficulty catching up with constantly evolving Android system. ○

  11. Questions

  12. #1 How can we triage may links with minimal expert domain knowledge? Neural networks.

  13. #2 How can we process inputs of complex data types in a systematic way? Type-directed encoder.

  14. #3 How do our models perform? Very good!

  15. #4 Are the models learning the right things? Seems like so.

  16. We are not trying to… We are trying to… Propose new NN Propose systematic way ● ● module to construct NN Eliminate use of domain Provide decent ● ● knowledge performance without Rule out manual effort expert knowledge ● Use less labour with ● more automation

  17. How can we triage may Approach links with minimal expert domain knowledge? Part 1

  18. Link-Inference Neural Network LINN: An end-to-end encoder-and-classifier architecture. Must Train Model True Links [0,1] May Classifier Links Predict Encoder Encoder Must True Intent Filter Links

  19. How can we process inputs Approach of complex data types in a systematic way? Part 2

  20. Model [0,1] Classifier Encoder Encoder Intent Filter

  21. Type-Directed Encoder TDE: mapping type signature to neural network architecture. Rules Instan TDE Input Type TDE tiation Template Type signature Neural network Neural network template

  22. An example: Encoding Product Types Instance t := (a, b) t-en : R l Type T := tuple(A, B) encT comb R n ⨉ R m ➝ R l a-en : R n b-en : R m encA encB encA encB a : A b : A t : T

  23. Rules for type-directed encoding

  24. Android ICC: Our Abstraction intent Type signatures tuple Intent intent := tuple(act, cats) act cats Action act := optional(string) Categories cats := set(string) optional set Filter filter := tuple(acts, cats) string string Actions acts := set(string) list Categories cats := set(string) list char char

  25. Type-Directed Encoder intent-en intent comb act-en cats-en tuple act cats union aggr Rules optional set str-en str-en string string flat flat list char-en list char-en char char enum enum char char Type signature Neural network template

  26. Type-Directed Encoder: Instantiation intent-en comb TreeLSTM act-en cats-en union aggr switch TreeLSTM Instantiation str-en str-en flat flat CNN CNN char-en char-en enum enum lookup lookup char char Neural network Neural network template ( typed-tree )

  27. Type-Directed Encoder: Instantiation intent-en comb concat act-en cats-en union aggr switch max Instantiation str-en str-en flat flat RNN RNN char-en char-en enum enum lookup lookup char char Neural network Neural network template ( str-rnn )

  28. A systematic way to build and explore structured NN.

  29. Are our models correctly Experiments predicting links?

  30. Setup ● Dataset of 10,500 Android APPs from Google Play. ● IC3 (Octeau et al., ICSE’15) for static analysis. ● PRIMO’s abstract matching for may/must partition. ● Simulated ground truth for may links. ● 4 instantiations of the TDE architecture. # pairs # positive # negative training set 105,108 63,168 41,940 testing set 43,680 29,260 14,420

  31. All instantiated models perform as good as PRIMO.

  32. Correlation Our best model ( typed-tree ) fills the correlation gap by 72% compared to PRIMO despite the harder setting.

  33. More Results for Our Best Model ROC (left) and the distribution of predicted likelihood (right) from typed-tree model. Distribution Correlation

  34. How do we know the model Interpretability is learning the right thing?

  35. Sensitivity to Masking Picking distinctive values Ignoring less useful parts

  36. default Learned Encodings (.*) Semantically closer values receive more similar encodings. None Visualized by t-SNE.

  37. ● Neural-augmented static analysis ● Type-directed encoder Conclusion ● Increased accuracy with less domain knowledge ● Interpretability study

  38. ● Apply to other analysis tasks Future Works ● Push machine learning into static analysis procedure

  39. Thanks for listening! Q & A

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al [FSE 14] Presented by Maaz Ahmad The Malware Problem (Feb, 2015) Motive Security Labs estimates 16 million infected mobile devices. [1]

828 views • 30 slides
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Android Framework Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android Alexandre Bartel University of Luxembourg September 8, 2014 Supervisor: Yves Le Traon Advisors:

992 views • 77 slides
Kotlin Static Analysis with Android Lint Tor Norbye @tornorbye Outline Lint Philosophy

Kotlin Static Analysis with Android Lint Tor Norbye @tornorbye Outline Lint Philosophy

Kotlin Static Analysis with Android Lint Tor Norbye @tornorbye Outline Lint Philosophy Lint Features How to write a lint check Basics Testing Kotlin Lint Infrastructure Features Gotchas Futures Android Lint

1.79k views • 137 slides
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications Daniele Gallingani, Rigel Gjomemo , V.N. Venkatakrishnan, Stefano Zanero Android Message Passing Mechanism Android apps are composed of

566 views • 23 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
The Potential of Memory Augmented Neural Networks Dalton Caron Montana Technological University

The Potential of Memory Augmented Neural Networks Dalton Caron Montana Technological University

The Potential of Memory Augmented Neural Networks Dalton Caron Montana Technological University November 15, 2019 Overview Review of Perceptron and Feed Forward Networks Recurrent Neural Networks Neural Turing Machines

1.27k views • 57 slides
1 Analysis Information Where Do Facts Hold? How much information depends on the client

1 Analysis Information Where Do Facts Hold? How much information depends on the client

711? CS711 Advanced Programming Languages Topics in Program Analysis Radu Rugina Fall 2005 CS711 Overview 2 Program Analysis Static vs. Dynamic Static analysis: inspect programs at compile-time Static analysis: Work done at

282 views • 4 slides
A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical problem and how to ignore it An example static analysis What is static analysis used for? Commercial successes Free static analysis tools you should

488 views • 37 slides
Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Interesting Questions Interesting Questions Is every statement reachable? Does every non- void method return a value? Compilation 2007 Compilation 2007 Will local variables definitely be assigned before Static Analysis Static

169 views • 13 slides
Locus Innovative Augmented Reality Communication Overview Locus is an augmented reality app

Locus Innovative Augmented Reality Communication Overview Locus is an augmented reality app

Locus Innovative Augmented Reality Communication Overview Locus is an augmented reality app that allows its users to write text in real world locations It superimposes your stylized text messages onto the real world in which: Anybody

649 views • 6 slides
Portfolio of Work (9 pages) T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED

Portfolio of Work (9 pages) T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED

T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED REALITY (AR) What is Augmented Reality Augmented Leads in Technology Visual Methodology Augmented Reality Forecast Multi-sided Marketing Model

280 views • 25 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda 02/23/2016 Android 2015 Q3 Market Share Android iOS

774 views • 26 slides
Who are we? Key project of the International Chamber of Commerce (ICC) the worlds business

Who are we? Key project of the International Chamber of Commerce (ICC) the worlds business

Who are we? Key project of the International Chamber of Commerce (ICC) the worlds business organization - Established to promulgate international rules with unrivalled authority in governing business - Network of over 6.5 million

259 views • 14 slides
Context for Efficient Recognition from Large-Scale Topographic Map Series Johannes H. Uhl 1

Context for Efficient Recognition from Large-Scale Topographic Map Series Johannes H. Uhl 1

ICC 2017 Washington D.C, USA July 02-07, 2017 Implementing the Concept of Geographic Context for Efficient Recognition from Large-Scale Topographic Map Series Johannes H. Uhl 1 Research Team: Stefan Leyk 1 , Yao-Yi Chiang 2 , Weiwei Duan 3 ,

1.25k views • 87 slides
The Random In Intercept Model PSYC 575 August 6, 2020 (updated: 29 August 2020) Week Learning

The Random In Intercept Model PSYC 575 August 6, 2020 (updated: 29 August 2020) Week Learning

The Random In Intercept Model PSYC 575 August 6, 2020 (updated: 29 August 2020) Week Learning Objectives Explain the components of a random intercept model Interpret intraclass correlations Use the design effect to decide whether MLM

506 views • 48 slides
Introduction to Game Theory Part II Tyler Moore Computer Science & Engineering Department,

Introduction to Game Theory Part II Tyler Moore Computer Science & Engineering Department,

Notes Introduction to Game Theory Part II Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Slides are modified from version written by Benjamin Johnson, UC Berkeley November 13, 2012 Miscellania Coordination games

345 views • 6 slides
Wendy Thompson Fast, Consolidated Companies Carol Mattey, Mattey Consulting LLC September 18,

Wendy Thompson Fast, Consolidated Companies Carol Mattey, Mattey Consulting LLC September 18,

Ken Pfister, Great Plains Communications Wendy Thompson Fast, Consolidated Companies Carol Mattey, Mattey Consulting LLC September 18, 2018 1 Budget Changes with Inflation Assuming inflation consistent with $3,000 historical average,

139 views • 10 slides
Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications Amiangshu

Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications Amiangshu

Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications Amiangshu Bosu, Fang Liu, Danfeng (Daphne) Yao, & Gang Wang http://mashable.com/2013/10/30/department-of-defense-app-store/#iJuBpfyLJaq4

466 views • 29 slides
Combined Iterative and Model-driven Optimization in an Automatic Parallelization Framework

Combined Iterative and Model-driven Optimization in an Automatic Parallelization Framework

Combined Iterative and Model-driven Optimization in an Automatic Parallelization Framework Louis-Nol Pouchet 1 Uday Bondhugula 2 Cdric Bastoul 3 Albert Cohen 3 J. Ramanujam 4 P . Sadayappan 1 1 The Ohio State University 2 IBM T.J. Watson

490 views • 30 slides
IMSI-Catch Me If You Can: IMSI-Catcher-Catchers Adrian Dabrowski, Nicola Pianta, Thomas Klepp

IMSI-Catch Me If You Can: IMSI-Catcher-Catchers Adrian Dabrowski, Nicola Pianta, Thomas Klepp

IMSI-Catch Me If You Can: IMSI-Catcher-Catchers Adrian Dabrowski, Nicola Pianta, Thomas Klepp Martin Mulazzani, Edgar Weippl CS 598 AB Fall 2016 November 10 Presented by: Simon Kim 1 IMSI Catcher 2 IMSI Catcher MITM fake base station

354 views • 22 slides

More recommend