Publication: TriFlow: Triaging Android Applications using Speculative Information Flows
| dc.affiliation.dpto | UC3M. Departamento de Informática | es |
| dc.affiliation.grupoinv | UC3M. Grupo de Investigación: COSEC (Computer SECurity Lab) | es |
| dc.contributor.author | Mirzaei, Omid | |
| dc.contributor.author | Suarez-Tangil, Guillermo | |
| dc.contributor.author | Estévez Tapiador, Juan Manuel | |
| dc.contributor.author | Fuentes García-Romero de Tejada, José María de | |
| dc.date.accessioned | 2018-03-15T16:35:46Z | |
| dc.date.available | 2018-03-15T16:35:46Z | |
| dc.date.issued | 2017-04-02 | |
| dc.description.abstract | Information flows in Android can be effectively used to give an informative summary of an application’s behavior, showing how and for what purpose apps use specific pieces of information. This has been shown to be extremely useful to characterize risky behaviors and, ultimately, to identify unwanted or malicious applications in Android. However, identifying information flows in an application is computationally highly expensive and, with more than one million apps in the Google Play market, it is critical to prioritize applications that are likely to pose a risk. In this work, we develop a triage mechanism to rank applications considering their potential risk. Our approach, called TRIFLOW, relies on static features that are quick to obtain. TRIFLOW combines a probabilistic model to predict the existence of information flows with a metric of how significant a flow is in benign and malicious apps. Based on this, TRIFLOW provides a score for each application that can be used to prioritize analysis. TRIFLOW also provides an explanatory report of the associated risk. We evaluate our tool with a representative dataset of benign and malicious Android apps. Our results show that it can predict the presence of information flows very accurately and that the overall triage mechanism enables significant resource saving. | en |
| dc.description.sponsorship | This work was supported by the MINECO grants TIN2013-46469-R and TIN2016-79095-C2-2-R, and by the CAM grant S2013/ICE-3095. | en |
| dc.format.mimetype | application/pdf | |
| dc.identifier.bibliographicCitation | Ramesh Karri, Ozgur Sinanoglu, Ahmad-Reza Sadeghi, Xun Yi. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2017, Abu Dhabi, United Arab Emirates, April 2-6, 2017. ACM, 640-651 | |
| dc.identifier.doi | http://dx.doi.org/10.1145/3052973.3053001 | |
| dc.identifier.isbn | 978-1-4503-4944-4 | |
| dc.identifier.publicationfirstpage | 640 | |
| dc.identifier.publicationlastpage | 651 | |
| dc.identifier.publicationtitle | Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security | |
| dc.identifier.uri | https://hdl.handle.net/10016/26107 | |
| dc.identifier.uxxi | CC/0000027270 | |
| dc.language.iso | eng | |
| dc.publisher | ACM | |
| dc.relation.eventdate | 2017-04-02 | |
| dc.relation.eventplace | Emiratos Arabes Unidos | es |
| dc.relation.eventtitle | ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 | |
| dc.relation.projectID | Gobierno de España. TIN2013-46469-R/SPINY | |
| dc.relation.projectID | Comunidad de Madrid. S2013/ICE-3095/CIBERDINE | |
| dc.rights | ACM New York, NY, USA ©2017 | |
| dc.rights.accessRights | open access | |
| dc.subject.eciencia | Informática | es |
| dc.subject.other | Android security | en |
| dc.subject.other | Malware analysis | en |
| dc.subject.other | Information flow | en |
| dc.subject.other | App triage | en |
| dc.title | TriFlow: Triaging Android Applications using Speculative Information Flows | en |
| dc.type | conference proceedings | * |
| dc.type.hasVersion | AM | * |
| dspace.entity.type | Publication |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- triflow_asiaccs_2017_ps.pdf
- Size:
- 1.33 MB
- Format:
- Adobe Portable Document Format