IconChecker: Anomaly Detection of Icon-Behaviors for Android Apps

Yuxuan Li, Ruitao Feng, Sen Chen, Qianyu Guo, Lingling Fan, Xiaohong Li
2021 28th Asia-Pacific Software Engineering Conference (APSEC), published 2021-12-01
DOI: 10.1109/APSEC53868.2021.00028 (https://doi.org/10.1109/APSEC53868.2021.00028)
Citations: 1

Abstract

As a result of the evolution of network technologies and the applications built on them, mobile apps have come to rely heavily on the Internet in recent years in order to provide excellent service. However, this rapid growth has brought not only convenience but also security risks. For instance, a series of malicious apps has been revealed that aim to collect users' private data and imperceptibly send it to remote servers under the camouflage of normal user behavior. Although much research has been proposed to defend against this threat, capturing the abnormal behaviors more precisely is still a challenge. In this paper, we propose IconChecker, a GUI-based anomaly detection framework, to detect icons that can cause malicious network payloads under the premise of users' normal intentions. IconChecker can detect abnormal icon-behaviors from the icon's semantics and the network traffic it triggers with relatively high precision, and further generates a security report for analysis and development. To demonstrate its effectiveness, we evaluate IconChecker on: (1) the accuracy of network traffic sniffing; (2) the accuracy of icon semantics classification; (3) the overall precision of IconChecker on real apps; and (4) a comparison of IconChecker with the existing tool, i.e., DeepIntent. The detection results show that IconChecker can outperform at a precision of 84% in terms of our summarized 8 categories of icon-behaviors. We remark that IconChecker is the first work that dynamically detects abnormal icon-behaviors to identify malicious network payloads in Android apps.