Publications

All BlueSeal publications that have been released thus far

Android Malware Detection using Complex-Flows

Authors: Feng Shen, Justin Del Vecchio, Aziz Mohaisen, Steven Y Ko, Lukasz Ziarek

Proceedings of the 37th IEEE International Conference on Distributed Computing Systems (ICDCS), 2017
This paper proposes a new technique to detect mobile malware based on information flow analysis. Our approach examines the structure of information flows to identify patterns of behavior present in them and which flows are related, those that share partial computation paths. We call such flows Complex-Flows, as their structure, patterns, and relations accurately capture the complex behavior exhibited by both recent malware and benign applications. N-gram analysis is used to identify unique and common behavioral patterns present in Complex-Flows. The N-gram analysis is performed on sequences of API calls that occur along Complex-Flows' control flow paths. We show the precision of our technique by applying it to four different data sets totaling 8,598 apps. These data sets consist of both recent and older generation benign and malicious apps to demonstrate the effectiveness of our approach across different generations of apps.

String Analysis of Android Applications

Authors: Justin Del Vecchio, Feng Shen, Kenny M Yee, Boyu Wang, Steven Y Ko, Lukasz Ziarek

Proceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2015 (New Ideas Track)
The desire to understand mobile applications has resulted in researchers adapting classical static analysis techniques to the mobile domain. Examination of data and control flows in Android apps is now a common practice to classify them. Important to these analyses is a fine-grained examination and understanding of strings, since in Android they are heavily used in intents, URLs, reflection, and content providers. Rigorous analysis of string creation, usage, and value characteristics offers additional information to increase precision of app classification. This paper shows that inter-procedural static analysis that specifically targets string construction and usage can be used to reveal valuable insights for classifying Android apps. To this end, we first present case studies to illustrate typical uses of strings in Android apps. We then present the results of our analysis on real-world malicious and benign apps. Our analysis examines how strings are created and used for URL objects, Java reflection, and Android intents, and infers the actual string values used as much as possible. Our results demonstrate that string disambiguation based on creation, usage, and value indeed provides additional information that may be used to improve precision of classifying application behaviors.

Information Flows as a Permission Mechanism

Authors: Feng Shen, Namita Vishnubhotla, Chirag Todarka, Mohit Arora, Babu Dhandapani, Eric John Lehner, Steven Y. Ko, Lukasz Ziarek

Proceedings of the 29th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2014
This project proposes Flow Permissions, an extension to the Android permission mechanism. Unlike the existing permission mechanism, designed to regulate the access to protected APIs, our permission mechanism contains semantic information based on information flows. Flow Permissions allow users to examine and grant explicit information flows within an application (e.g., a permission for reading the phone number and sending it over the network) as well as implicit information flows across multiple applications (e.g., a permission for reading the phone number and sending it to another application already installed on the user’s phone). Our goal with Flow Permissions is to provide visibility into the holistic behavior of the applications installed on a user’s phone. Our evaluation compares our approach to dynamic flow tracking techniques; our results with 600 popular applications and 1,200 malicious applications show that our approach is practical, has high coverage, and is effective in deriving Flow Permissions statically.

Flow Permissions for Android

Authors: Shashank Holavanalli, Don Manuel, Vishwas Nanjundaswamy, Brian Rosenberg, Feng Shen, Steven Y. Ko, Lukasz Ziarek

Proceedings of the 28th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2013 (New Ideas Track)
This paper proposes Flow Permissions, an extension to the Android permission mechanism. Unlike the existing permission mechanism, our permission mechanism contains semantic information based on information flows. Flow Permissions allow users to examine and grant explicit information flows within an application (e.g., a permission for reading the phone number and sending it over the network) as well as implicit information flows across multiple applications (e.g., a permission for reading the phone number and sending it to another application already installed on the user’s phone). Our goal with Flow Permissions is to provide visibility into the holistic behavior of the applications installed on a user’s phone. Our evaluation compares our approach to dynamic flow tracking techniques; our results with 600 popular applications and 1,200 malicious applications show that our approach is practical and effective in deriving Flow Permissions statically.