Document Type

Thesis

Date of Award

Spring 5-31-2018

Degree Name

Master of Science in Software Engineering - (M.S.)

Department

Computer Science

First Advisor

Iulian Neamtiu

Second Advisor

Qiang Tang

Third Advisor

Xiaoning Ding

Abstract

Applications (apps) that conceal their activities are fundamentally deceptive; app marketplaces and end-users should treat such apps as suspicious. However, due to its nature and intent, activity concealing is not disclosed up-front, which puts users at risk. This study focuses on characterization and detection of such techniques, e.g., hiding the app or removing traces, known as 'self hiding' (SH) behavior. SH behavior has not been studied per se - rather it has been reported on only as a byproduct of malware investigations. This gap is addressed via a study and suite of static analyses targeted at SH in Android apps.

SH behavior ranges from hiding the app's presence or activity to covering an app's traces, e.g., by blocking phone calls/ text messages or removing calls and messages from logs. Using static analysis tools on a large dataset of 9,452 Android apps (benign as well as malicious) the frequency of 12 such SH behaviors is exposed. It has revealed that malicious apps employ 1.5 SH behaviors per app on average. Surprisingly, SH behavior is also employed by legitimate ('benign') apps, which can affect users negatively in multiple ways. The approach has high precision and recall (combined F-measure = 87.19%). This approach is also efficient, with analysis typically taking just 37 seconds per app.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.