AnFlo: Detecting anomalous sensitive information flows in Android apps
Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials and they might share such data to external entities through the Internet or with other apps. Confidentiality of user data could be breached if there are anomalies in the way sensitive d...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2018
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4775 https://ink.library.smu.edu.sg/context/sis_research/article/5778/viewcontent/mobilesoft2018.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5778 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-57782020-06-09T04:00:34Z AnFlo: Detecting anomalous sensitive information flows in Android apps DEMISSIE, Biniam Fisseha CECCATO, Mariano SHAR, Lwin Khin Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials and they might share such data to external entities through the Internet or with other apps. Confidentiality of user data could be breached if there are anomalies in the way sensitive data is handled by an app which is vulnerable or malicious. Existing approaches that detect anomalous sensitive data flows have limitations in terms of accuracy because the definition of anomalous flows may differ for different apps with different functionalities; it is normal for “Health” apps to share heart rate information through the Internet but is anomalous for “Travel” apps. In this paper, we propose a novel approach to detect anomalous sensitive data flows in Android apps, with improved accuracy. To achieve this objective, we first group trusted apps according to the topics inferred from their functional descriptions. We then learn sensitive information flows with respect to each group of trusted apps. For a given app under analysis, anomalies are identified by comparing sensitive information flows in the app against those flows learned from trusted apps grouped under the same topic. In the evaluation, information flow is learned from 11,796 trusted apps. We then checked for anomalies in 596 new (benign) apps and identified 2 previously-unknown vulnerable apps related to anomalous flows. We also analyzed 18 malware apps and found anomalies in 6 of them. 2018-05-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4775 info:doi/10.1145/3197231.3197238 https://ink.library.smu.edu.sg/context/sis_research/article/5778/viewcontent/mobilesoft2018.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android apps Geolocations Heart rates Information flows Sensitive data Smartphone apps Databases and Information Systems Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Android apps Geolocations Heart rates Information flows Sensitive data Smartphone apps Databases and Information Systems Software Engineering |
| spellingShingle |
Android apps Geolocations Heart rates Information flows Sensitive data Smartphone apps Databases and Information Systems Software Engineering DEMISSIE, Biniam Fisseha CECCATO, Mariano SHAR, Lwin Khin AnFlo: Detecting anomalous sensitive information flows in Android apps |
| description |
Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials and they might share such data to external entities through the Internet or with other apps. Confidentiality of user data could be breached if there are anomalies in the way sensitive data is handled by an app which is vulnerable or malicious. Existing approaches that detect anomalous sensitive data flows have limitations in terms of accuracy because the definition of anomalous flows may differ for different apps with different functionalities; it is normal for “Health” apps to share heart rate information through the Internet but is anomalous for “Travel” apps. In this paper, we propose a novel approach to detect anomalous sensitive data flows in Android apps, with improved accuracy. To achieve this objective, we first group trusted apps according to the topics inferred from their functional descriptions. We then learn sensitive information flows with respect to each group of trusted apps. For a given app under analysis, anomalies are identified by comparing sensitive information flows in the app against those flows learned from trusted apps grouped under the same topic. In the evaluation, information flow is learned from 11,796 trusted apps. We then checked for anomalies in 596 new (benign) apps and identified 2 previously-unknown vulnerable apps related to anomalous flows. We also analyzed 18 malware apps and found anomalies in 6 of them. |
| format |
text |
| author |
DEMISSIE, Biniam Fisseha CECCATO, Mariano SHAR, Lwin Khin |
| author_facet |
DEMISSIE, Biniam Fisseha CECCATO, Mariano SHAR, Lwin Khin |
| author_sort |
DEMISSIE, Biniam Fisseha |
| title |
AnFlo: Detecting anomalous sensitive information flows in Android apps |
| title_short |
AnFlo: Detecting anomalous sensitive information flows in Android apps |
| title_full |
AnFlo: Detecting anomalous sensitive information flows in Android apps |
| title_fullStr |
AnFlo: Detecting anomalous sensitive information flows in Android apps |
| title_full_unstemmed |
AnFlo: Detecting anomalous sensitive information flows in Android apps |
| title_sort |
anflo: detecting anomalous sensitive information flows in android apps |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2018 |
| url |
https://ink.library.smu.edu.sg/sis_research/4775 https://ink.library.smu.edu.sg/context/sis_research/article/5778/viewcontent/mobilesoft2018.pdf |
| _version_ |
1770575027309117440 |