Potential component leaks in Android apps: an investigation into a new feature set for malware detection

Li Li; Kevin Allix; Daoyuan Li; Alexandre Bartel; Tegawendé F. Bissyandé; Jacques Klein

doi:10.1109/QRS.2015.36

Potential component leaks in Android apps: an investigation into a new feature set for malware detection

Li Li, Kevin Allix, Daoyuan Li, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

22 Citations (Scopus)

Abstract

We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validations show high performance for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps.

Original language	English
Title of host publication	Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015
Editors	Jian Zhang, Bhavani Thuraisingham
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	195-200
Number of pages	6
ISBN (Electronic)	9781467379892, 9781467379885
DOIs	https://doi.org/10.1109/QRS.2015.36
Publication status	Published - 2015
Externally published	Yes
Event	IEEE International Conference on Software Quality, Reliability and Security 2015 - Vancouver, Canada Duration: 3 Aug 2015 → 5 Aug 2015 https://paris.utdallas.edu/qrs15/

Conference

Conference	IEEE International Conference on Software Quality, Reliability and Security 2015
Abbreviated title	QRS 2015
Country/Territory	Canada
City	Vancouver
Period	3/08/15 → 5/08/15
Internet address	https://paris.utdallas.edu/qrs15/

Access to Document

10.1109/QRS.2015.36

Cite this

Li, L., Allix, K., Li, D., Bartel, A., Bissyandé, T. F., & Klein, J. (2015). Potential component leaks in Android apps: an investigation into a new feature set for malware detection. In J. Zhang, & B. Thuraisingham (Eds.), Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015 (pp. 195-200). Article 7272932 IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/QRS.2015.36

Li, Li ; Allix, Kevin ; Li, Daoyuan et al. / Potential component leaks in Android apps : an investigation into a new feature set for malware detection. Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015. editor / Jian Zhang ; Bhavani Thuraisingham. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2015. pp. 195-200

@inproceedings{1fd30cc94ed4401b9d7e4f2caeb2e793,

title = "Potential component leaks in Android apps: an investigation into a new feature set for malware detection",

abstract = "We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validations show high performance for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps.",

author = "Li Li and Kevin Allix and Daoyuan Li and Alexandre Bartel and Bissyand{\'e}, {Tegawend{\'e} F.} and Jacques Klein",

year = "2015",

doi = "10.1109/QRS.2015.36",

language = "English",

pages = "195--200",

editor = "Zhang, {Jian } and Thuraisingham, {Bhavani }",

booktitle = "Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

note = "IEEE International Conference on Software Quality, Reliability and Security 2015, QRS 2015 ; Conference date: 03-08-2015 Through 05-08-2015",

url = "https://paris.utdallas.edu/qrs15/",

}

Li, L, Allix, K, Li, D, Bartel, A, Bissyandé, TF & Klein, J 2015, Potential component leaks in Android apps: an investigation into a new feature set for malware detection. in J Zhang & B Thuraisingham (eds), Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015., 7272932, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 195-200, IEEE International Conference on Software Quality, Reliability and Security 2015, Vancouver, British Columbia, Canada, 3/08/15. https://doi.org/10.1109/QRS.2015.36

Potential component leaks in Android apps: an investigation into a new feature set for malware detection. / Li, Li; Allix, Kevin; Li, Daoyuan et al.
Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015. ed. / Jian Zhang; Bhavani Thuraisingham. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers, 2015. p. 195-200 7272932.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

TY - GEN

T1 - Potential component leaks in Android apps

T2 - IEEE International Conference on Software Quality, Reliability and Security 2015

AU - Li, Li

AU - Allix, Kevin

AU - Li, Daoyuan

AU - Bartel, Alexandre

AU - Bissyandé, Tegawendé F.

AU - Klein, Jacques

PY - 2015

Y1 - 2015

N2 - We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validations show high performance for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps.

AB - We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validations show high performance for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps.

UR - http://www.scopus.com/inward/record.url?scp=84962109836&partnerID=8YFLogxK

U2 - 10.1109/QRS.2015.36

DO - 10.1109/QRS.2015.36

M3 - Conference Paper

AN - SCOPUS:84962109836

SP - 195

EP - 200

BT - Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015

A2 - Zhang, Jian

A2 - Thuraisingham, Bhavani

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

Y2 - 3 August 2015 through 5 August 2015

ER -

Li L, Allix K, Li D, Bartel A, Bissyandé TF, Klein J. Potential component leaks in Android apps: an investigation into a new feature set for malware detection. In Zhang J, Thuraisingham B, editors, Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2015. p. 195-200. 7272932 doi: 10.1109/QRS.2015.36

Potential component leaks in Android apps: an investigation into a new feature set for malware detection

Abstract

Conference

Access to Document

Other files and links

Cite this