• DocumentCode
    1606257
  • Title

    Mining Apps for Abnormal Usage of Sensitive Data

  • Author

    Avdiienko, Vitalii ; Kuznetsov, Konstantin ; Gorla, Alessandra ; Zeller, Andreas ; Arzt, Steven ; Rasthofer, Siegfried ; Bodden, Eric

  • Author_Institution
    Saarland Univ., Saarbrucken, Germany
  • Volume
    1
  • fYear
    2015
  • Firstpage
    426
  • Lastpage
    436
  • Abstract
    What is it that makes an app malicious? One important factor is that malicious apps treat sensitive data differently from benign apps. To capture such differences, we mined 2,866 benign Android applications for their data flow from sensitive sources, and compare these flows against those found in malicious apps. We find that (a) for every sensitive source, the data ends up in a small number of typical sinks; (b) these sinks differ considerably between benign and malicious apps; (c) these differences can be used to flag malicious apps due to their abnormal data flow; and (d) malicious apps can be identified by their abnormal data flow alone, without requiring known malware samples. In our evaluation, our MUDFLOW prototype correctly identified 86.4% of all novel malware, and 90.1% of novel malware leaking sensitive data.
  • Keywords
    data mining; invasive software; mobile computing; smart phones; Android application; abnormal data flow; data mining; malware; Androids; Data mining; Google; Humanoid robots; Malware; Smart phones; Twitter;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on
  • Conference_Location
    Florence
  • Type

    conf

  • DOI
    10.1109/ICSE.2015.61
  • Filename
    7194594
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1606257