Projects per year
Abstract
Static and dynamic program analysis are the key concepts researchers apply to uncover security-critical implementation weaknesses in Android applications. As it is often not obvious in which context problematic statements occur, it is challenging to assess their practical impact. While some flaws may turn out to be bad practice but not undermine the overall security level, others could have a serious impact. Distinguishing them requires knowledge of the designated app purpose.
In this paper, we introduce a machine learning-based system that is capable of generating natural language text describing the purpose and core functionality of Android apps based on their actual code. We design a dense neural network that captures the semantic relationships of resource identifiers, string constants, and API calls contained in apps to derive a high-level picture of implemented program behavior. For arbitrary applications, our system can predict precise, human-readable keywords and short phrases that indicate the main use-cases apps are designed for.
We evaluate our solution on 67,040 real-world apps and find that with a precision between 69% and 84% we can identify keywords that also occur in the developer-provided description in Google Play. To avoid incomprehensible black box predictions, we apply a model explaining algorithm and demonstrate that our technique can substantially augment inspections of Android apps by contributing contextual information.
In this paper, we introduce a machine learning-based system that is capable of generating natural language text describing the purpose and core functionality of Android apps based on their actual code. We design a dense neural network that captures the semantic relationships of resource identifiers, string constants, and API calls contained in apps to derive a high-level picture of implemented program behavior. For arbitrary applications, our system can predict precise, human-readable keywords and short phrases that indicate the main use-cases apps are designed for.
We evaluate our solution on 67,040 real-world apps and find that with a precision between 69% and 84% we can identify keywords that also occur in the developer-provided description in Google Play. To avoid incomprehensible black box predictions, we apply a model explaining algorithm and demonstrate that our technique can substantially augment inspections of Android apps by contributing contextual information.
Original language | English |
---|---|
Title of host publication | ICT Systems Security and Privacy Protection - 35th IFIP TC 11 International Conference, SEC 2020, Proceedings |
Editors | Marko Hölbl, Tatjana Welzer, Kai Rannenberg |
Place of Publication | Cham |
Publisher | Springer International Publishing AG |
Pages | 171-186 |
Number of pages | 16 |
Volume | 580 |
ISBN (Electronic) | 978-3-030-58201-2 |
ISBN (Print) | 978-3-030-58200-5 |
DOIs | |
Publication status | Published - Sep 2020 |
Event | 35th International Conference on ICT Systems Security and Privacy Protection - Maribor, Slovenia Duration: 21 Sep 2020 → 23 Sep 2020 https://sec2020.um.si |
Publication series
Name | IFIP Advances in Information and Communication Technology |
---|---|
Volume | 580 IFIP |
ISSN (Print) | 1868-4238 |
ISSN (Electronic) | 1868-422X |
Conference
Conference | 35th International Conference on ICT Systems Security and Privacy Protection |
---|---|
Abbreviated title | IFIP SEC 2020 |
Country/Territory | Slovenia |
City | Maribor |
Period | 21/09/20 → 23/09/20 |
Internet address |
Keywords
- Android
- TF-IDF
- Deep Learning
- NLP
ASJC Scopus subject areas
- Information Systems and Management
- Information Systems
- Computer Networks and Communications
Fingerprint
Dive into the research topics of 'Code between the Lines: Semantic Analysis of Android Applications'. Together they form a unique fingerprint.Projects
- 1 Active
-
A-SIT - Secure Information Technology Center Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Project: Research area