报告题目：Improving Mobile App Security via Detecting Intention-Behavior Discrepancy
Mobile apps have been an indispensable part in our daily life. However, there exist many potentially harmful apps that may exploit users’ privacy data, e.g., collecting the user’s information or sending messages in the background. Keeping these undesired apps away from the market is an ongoing challenge. While existing work provides techniques to determine what apps do, e.g., leaking information, little work has been done to answer, are the apps’ behaviors compatible with the intentions reflected by the app’s UI? As the user-perceivable information of apps’ UIs (i.e., texts and images) represent users’ expectation of apps’ behaviors (i.e., apps’ intentions), we aim to automatically check the compatibility between apps’ intentions and their behind-the-scene behaviors, i.e., detecting intention-behavior discrepancies. In this talk, I will first present IconIntent, that synergistically combines program analysis and icon classification to identify the intentions of the sensitive UI widgets in Android apps. Then, I will present DeepIntent, a framework that uses novel deep icon-behavior learning to learn an icon-behavior model from a large number of popular apps and detect intention-behavior discrepancies.
Xusheng Xiao is an assistant professor of Computer and Data Sciences at Case Western Reserve University. He received his Ph. D. degree in Computer Science at North Carolina State University in 2014. He was a visiting student in Computer Science department of the University of Illinois at Urbana-Champaign in 2013-2014. His research interests are in software engineering and computer security, with the focus on making software applications and computer systems more reliable and secure via program analysis, software testing, text analysis, and system monitoring. His research has been presented at top-tier venues such as ICSE, FSE, ISSTA, ASE, USENIX Security, CCS, and VLDB. His work in attack investigation for Advanced Persistent Threat (APT) attacks was selected as one of the top ten finalists for CSAW Best Applied Security Paper Award 2018. His work in mobile security was selected as one of the top ten finalists for CSAW Best Applied Security Paper Award 2015, and produced a static analysis tool that was deployed in TouchDevelop of Microsoft Research. His research is supported by NSF and Samsung. More details of his research can be found at his homepage, http://engineering.case.edu/groups/xusheng-xiao/
© 2020 Beplay官方网站beplay 版权所有