ICSE 2022 (series) / Technical Track /
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Mon 9 May 2022 21:15 - 21:20 at ICSE room 1-odd hours - Apps and App Store Analysis 1 Chair(s): John Grundy
Thu 12 May 2022 13:20 - 13:25 at ICSE room 3-odd hours - Apps and App Store Analysis 2 Chair(s): Julian Dolby
Wed 25 May 2022 14:00 - 14:05 at Room 301+302 - Papers 9: Requirements, Design and App Analysis Chair(s): Rick Kazman
Thu 12 May 2022 13:20 - 13:25 at ICSE room 3-odd hours - Apps and App Store Analysis 2 Chair(s): Julian Dolby
Wed 25 May 2022 14:00 - 14:05 at Room 301+302 - Papers 9: Requirements, Design and App Analysis Chair(s): Rick Kazman
One prominent tactic used to keep malicious behavior from being detected during dynamic test campaigns is logic bombs, where malicious operations are triggered only when specific conditions are satisfied. Defusing logic bombs remains an unsolved problem in the literature. In this work, we propose to investigate Suspicious Hidden Sensitive Operations (SHSOs) as a step towards triaging logic bombs. To that end, we develop a novel hybrid approach that combines static analysis and anomaly detection techniques to uncover SHSOs, which we predict as likely implementations of logic bombs. Concretely, Difuzer identifies SHSO entry-points using an instrumentation engine and an inter-procedural data-flow analysis. Then, it extracts trigger-specific features to characterize SHSOs and leverages One-Class SVM to implement an unsupervised learning model for detecting abnormal triggers.
We evaluate our prototype and show that it yields a precision of 99.02% to detect SHSOs among which 29.7% are logic bombs. Difuzer outperforms the state-of-the-art in revealing more logic bombs while yielding less false positives in about one order of magnitude less time. All our artifacts are released to the community.
Mon 9 MayDisplayed time zone: Eastern Time (US & Canada) change
Mon 9 May
Displayed time zone: Eastern Time (US & Canada) change
21:00 - 22:00 | Apps and App Store Analysis 1Technical Track at ICSE room 1-odd hours Chair(s): John Grundy Monash University | ||
21:00 5mTalk | JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis Technical Track Jordan Samhi University of Luxembourg, Jun Gao University of Luxembourg, Luxembourg, Nadia Daoudi SnT, University of Luxembourg, Pierre Graux University of Luxembourg, Henri Hoyez , Xiaoyu Sun Monash University, Kevin Allix University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg DOI Pre-print Media Attached | ||
21:05 5mTalk | Where is Your App Frustrating Users? Technical Track Yawen Wang Institute of Software, Chinese Academy of Sciences, Junjie Wang Institute of Software at Chinese Academy of Sciences, Hongyu Zhang University of Newcastle, Xuran Ming Institute of Software, Chinese Academy of Sciences, Lin Shi ISCAS, Qing Wang Institute of Software at Chinese Academy of Sciences DOI Pre-print Media Attached | ||
21:10 5mTalk | Towards Automatically Repairing Compatibility Issues in Published Android Apps Technical Track Yanjie Zhao Monash University, Li Li Monash University, Kui Liu Nanjing University of Aeronautics and Astronautics, China, John Grundy Monash University Pre-print Media Attached | ||
21:15 5mTalk | Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps Technical Track Jordan Samhi University of Luxembourg, Li Li Monash University, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg DOI Pre-print Media Attached | ||
Thu 12 MayDisplayed time zone: Eastern Time (US & Canada) change
Thu 12 May
Displayed time zone: Eastern Time (US & Canada) change
13:00 - 14:00 | Apps and App Store Analysis 2Technical Track at ICSE room 3-odd hours Chair(s): Julian Dolby IBM Research, USA | ||
13:00 5mTalk | DescribeCtx: Context-Aware Description Synthesis for Sensitive Behaviors in Mobile Apps Technical Track Shao Yang Case Western Reserve University, Yuehan Wang Nanjing University, Yuan Yao Nanjing University, Haoyu Wang Huazhong University of Science and Technology, China, Yanfang Ye Case Western Reserve University, Xusheng Xiao Case Western Reserve University DOI Pre-print Media Attached | ||
13:05 5mTalk | Promal: Precise Window Transition Graphs for Android via Synergy of Program Analysis and Machine Learning Technical Track Changlin Liu Case Western Reserve University, Hanlin Wang Case Western Reserve University, Tianming Liu Monash Univerisity, Diandian Gu Peking University, Yun Ma Peking University, Haoyu Wang Huazhong University of Science and Technology, China, Xusheng Xiao Case Western Reserve University DOI Pre-print Media Attached | ||
13:10 5mTalk | JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis Technical Track Jordan Samhi University of Luxembourg, Jun Gao University of Luxembourg, Luxembourg, Nadia Daoudi SnT, University of Luxembourg, Pierre Graux University of Luxembourg, Henri Hoyez , Xiaoyu Sun Monash University, Kevin Allix University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg DOI Pre-print Media Attached | ||
13:15 5mTalk | Domain-Specific Analysis of Mobile App Reviews Using Keyword-Assisted Topic Models Technical Track Miroslav Tushev Amazon, Fahimeh Ebrahimi Louisiana State University, Anas "Nash" Mahmoud Louisiana State University Pre-print Media Attached | ||
13:20 5mTalk | Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps Technical Track Jordan Samhi University of Luxembourg, Li Li Monash University, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg DOI Pre-print Media Attached | ||
Wed 25 MayDisplayed time zone: Eastern Time (US & Canada) change
Wed 25 May
Displayed time zone: Eastern Time (US & Canada) change
13:30 - 15:00 | Papers 9: Requirements, Design and App AnalysisSEIS - Software Engineering in Society / Technical Track / Journal-First Papers / NIER - New Ideas and Emerging Results at Room 301+302 Chair(s): Rick Kazman University of Hawai‘i at Mānoa | ||
13:30 5mTalk | How Templated Requirements Specifications Inhibit Creativity in Software Engineering Journal-First Papers Rahul Mohanani University of Jyväskylä, Paul Ralph Dalhousie University, Burak Turhan University of Oulu, Vladimir Mandić Faculty of Technical Sciences, University of Novi Sad Link to publication DOI Pre-print Media Attached | ||
13:35 5mTalk | How to Debug Inclusivity Bugs? A Debugging Process with Information Architecture SEIS - Software Engineering in Society Mariam Guizani Oregon State University, Igor Steinmacher Northern Arizona University, Jillian Emard Oregon State University, Abrar Fallatah Oregon State University, Margaret Burnett Oregon State University, Anita Sarma Oregon State University Pre-print Media Attached | ||
13:40 5mTalk | Towards a Reference Software Architecture for Human-AI Teaming in Smart Manufacturing NIER - New Ideas and Emerging Results Philipp Haindl Software Competence Center Hagenberg, Georg Buchgeher Software Competence Center Hagenberg, Maqbool Khan Software Competence Center Hagenberg, Bernhard Moser Software Competence Center Hagenberg Pre-print Media Attached | ||
13:45 5mTalk | The Art and Practice of Data Science Pipelines: A Comprehensive Study of Data Science Pipelines In Theory, In-The-Small, and In-The-Large Technical Track Sumon Biswas Carnegie Mellon University, Mohammad Wardat Dept. of Computer Science, Iowa State University, Hridesh Rajan Iowa State University Pre-print Media Attached | ||
13:50 5mTalk | DescribeCtx: Context-Aware Description Synthesis for Sensitive Behaviors in Mobile Apps Technical Track Shao Yang Case Western Reserve University, Yuehan Wang Nanjing University, Yuan Yao Nanjing University, Haoyu Wang Huazhong University of Science and Technology, China, Yanfang Ye Case Western Reserve University, Xusheng Xiao Case Western Reserve University DOI Pre-print Media Attached | ||
13:55 5mTalk | JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis Technical Track Jordan Samhi University of Luxembourg, Jun Gao University of Luxembourg, Luxembourg, Nadia Daoudi SnT, University of Luxembourg, Pierre Graux University of Luxembourg, Henri Hoyez , Xiaoyu Sun Monash University, Kevin Allix University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg DOI Pre-print Media Attached | ||
14:00 5mTalk | Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps Technical Track Jordan Samhi University of Luxembourg, Li Li Monash University, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg DOI Pre-print Media Attached | ||
14:05 5mTalk | FeatCompare: Feature Comparison for Competing Mobile Apps Leveraging User Reviews Journal-First Papers Maram Assi Queen's University, Safwat Hassan Thompson Rivers University, Yuan Tian Queens University, Kingston, Canada, Ying Zou Queen's University, Kingston, Ontario Link to publication Pre-print Media Attached | ||
Information for Participants
Mon 9 May 2022 21:00 - 22:00 at ICSE room 1-odd hours - Apps and App Store Analysis 1 Chair(s): John Grundy
Info for room ICSE room 1-odd hours:
Thu 12 May 2022 13:00 - 14:00 at ICSE room 3-odd hours - Apps and App Store Analysis 2 Chair(s): Julian Dolby
Info for room ICSE room 3-odd hours: