Article
Computer Science, Theory & Methods
Bin Wang, Chao Yang, Jianfeng Ma
Summary: Inter-app communication mechanism allows for improved usability and rich functionality in Android apps, but it can also be abused by malicious or inexperienced developers. This paper presents concealed inter-app communication channels that bypass existing security detection mechanisms and proposes a defense framework, IAFDroid, which combines static and taint analysis. Results show that 94.4% of Android's exposed components can be leveraged for collusion attacks, and the extracted feature set from IAFDroid improves Android malware detection accuracy. The paper also contributes a comprehensive benchmark, IACBench, and open-sources IAFDroid and IACBench under the GPL agreement.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
(2023)
Article
Computer Science, Information Systems
Andrea Romdhana, Alessio Merlo, Mariano Ceccato, Paolo Tonella
Summary: This paper addresses the issue of generating exploits for a subset of Android Inter-Component Communication (ICC) vulnerabilities using static analysis, Deep Reinforcement Learning-based dynamic analysis, and software instrumentation. The proposed approach, named RONIN, outperforms state-of-the-art and baseline tools in terms of the number of exploited vulnerabilities.
COMPUTERS & SECURITY
(2023)
Article
Computer Science, Artificial Intelligence
M. Grace, M. Sughasiny
Summary: This paper presents a lightweight monitoring system for detecting malicious applications through behavior analysis. By examining app activities and log files, the system evaluates app permissions and detects malicious apps based on predefined policies. Experimental results show that the system achieves an accuracy of 95%.
EXPERT SYSTEMS WITH APPLICATIONS
(2022)
Article
Computer Science, Information Systems
Mulhem Ibrahim, Bayan Issa, Muhammed Basheer Jasser
Summary: Android is dominating the global smartphone market, leading to a strong need for effective security measures. This research proposes a new method for detecting and classifying Android malware using deep learning models and static analysis, achieving high accuracy in malware detection and classification.
Review
Computer Science, Artificial Intelligence
Rosmalissa Jusoh, Ahmad Firdaus, Shahid Anwar, Mohd Zamri Osman, Mohd Faaizie Darmawan, Mohd Faizal Ab Razak
Summary: Android is a free open-source operating system widely used by manufacturers to produce mobile devices, but unethical authors often develop malware for various purposes. While practitioners conduct intrusion detection analyses like static analysis, there is a lack of review articles discussing research efforts in this area.
PEERJ COMPUTER SCIENCE
(2021)
Article
Computer Science, Hardware & Architecture
Jun Gao, Li Li, Pingfan Kong, Tegawende F. Bissyande, Jacques Klein
Summary: This study investigates vulnerabilities in Android apps by analyzing app lineages and examining how vulnerabilities are introduced, located, and whether they indicate potential malware. The findings provide valuable insights for developers and researchers to guide their vulnerability repair and research efforts, leveraging the knowledge gained from this study.
IEEE TRANSACTIONS ON RELIABILITY
(2021)
Article
Computer Science, Software Engineering
Bozhi Wu, Sen Chen, Cuiyun Gao, Lingling Fan, Yang Liu, Weiping Wen, Michael R. Lyu
Summary: This article introduces a novel and interpretable machine learning-based approach (XMal) for Android malware detection and analysis. XMal not only accurately classifies malware, but also explains the classification results and malicious behavior descriptions, addressing the gaps in existing research.
ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY
(2021)
Article
Automation & Control Systems
Sumit Kumar, S. Indu, Gurjit Singh Walia
Summary: An optimal solution for the unification of static and dynamic features in Android smartphones is proposed to detect malicious applications. Experimental results show that the suggested solution outperforms existing methods.
INTELLIGENT AUTOMATION AND SOFT COMPUTING
(2023)
Article
Computer Science, Theory & Methods
Zhaoyi Meng, Yan Xiong, Wenchao Huang, Fuyou Miao, Jianmeng Huang
Summary: AppAngio is a novel system that reveals contextual information in Android app behaviors by API-level audit logs. The system identifies paths matched with logs on the app's control-flow graphs, aiming to assist security analysts in understanding how apps work and detecting malicious behaviors. Experiment results show that AppAngio incurs negligible performance overhead on real devices and complements existing analysis schemes.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
(2021)
Article
Computer Science, Information Systems
Carlos Cilleruelo, Enrique-Larriba, Luis De-Marcos, Jose-Javier Martinez-Herraiz
Summary: This paper proposes a solution based on machine learning algorithms to detect PHAs in application markets, using the lifespan of applications in Google Play as a criterion to avoid the bias of antivirus engines. The solution has shown a 90% accuracy score and offers a complementary method to existing machine learning models for detecting PHAs.
Article
Computer Science, Software Engineering
Matin Katebi, Afshin RezaKhani, Saba Joudaki, Mohammad Ebrahim Shiri
Summary: This article proposes RAPSAMS, a method that extends affinity propagation clustering to robustly cluster malware streams. The approach uses AP for clustering samples and introduces adversarial examples to attack the clustering algorithm and create a robust defense. The proposed method addresses the challenges of finding appropriate representations for clustering and managing patterns with different distributions. Experimental results demonstrate the adaptability and effectiveness of the proposed methods. AP clustering is shown to be robust against label flipping attacks.
CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE
(2022)
Article
Computer Science, Hardware & Architecture
Farnood Faghihi, Mohammad Zulkernine, Steven Ding
Summary: CamoDroid is a dynamic analysis environment that fights against modern evasive Android malware detection, providing comprehensive monitoring and recording of application behavior, successfully cloaking its existence and being effective against over 96% of evasive Android malware.
JOURNAL OF SYSTEMS ARCHITECTURE
(2022)
Review
Computer Science, Information Systems
Shivi Garg, Niyati Baliyan
Summary: This paper provides a comparative analysis of Android and iOS in terms of security aspects, revealing that Android is more susceptible to security breaches and malware attacks compared to iOS. Therefore, researchers should focus on solving security issues related to Android to provide a safer mobile operating system for users.
COMPUTER SCIENCE REVIEW
(2021)
Article
Computer Science, Artificial Intelligence
Jianfei Tang, Hui Zhao
Summary: The focus of research on malware detection is on proposing and improving neural network structures. The constant updates of Android pose challenges to the proposed detection methods. This article proposes an automated platform called AmandaSystem that optimizes each process of existing malware detection methods and achieves efficient feature extraction on large malware datasets. Additionally, a new static analysis method named PerApTool is proposed to accurately map relationships between Android permissions and API calls. Tests conducted on publicly available malware datasets demonstrate the performance of AmandaSystem compared with existing methods in terms of efficiency, space occupancy, and feature extraction.
JOURNAL OF INTELLIGENT & FUZZY SYSTEMS
(2022)
Article
Computer Science, Information Systems
Borja Molina-Coronado, Usue Mori, Alexander Mendiburu, Jose Miguel-Alonso
Summary: In this paper, an analysis is conducted on ten influential research works on Android malware detection, identifying five factors that significantly affect the trained ML models and their performances. It is emphasized that generating realistic experimental scenarios and considering these factors is crucial for the development of better ML-based Android malware detection solutions.
COMPUTERS & SECURITY
(2023)
Article
Computer Science, Hardware & Architecture
Salman Ahmed, Ya Xiao, Taejoong (Tijay) Chung, Carol Fung, Moti Yung, Danfeng (Daphne) Yao
Summary: Using case studies and realistic scenarios, this analysis examines the security, privacy, and reliability of Google and Apple's COVID-19 exposure notification technology, validating the system and potentially increasing transparency.
Article
Computer Science, Software Engineering
Ying Zhang, Md Mahir Asef Kabir, Ya Xiao, Danfeng Yao, Na Meng
Summary: This study investigates the misuse of cryptographic APIs on the Java platform and finds that developers face challenges in correctly using these APIs, leading to vulnerabilities in their software. Tools have been created to detect and fix these API misuses, but their design, effectiveness, and usefulness to developers are still unknown. The empirical study conducted in this research reveals that there is a significant gap between the current tools and developers' expectations.
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
(2023)
Article
Cardiac & Cardiovascular Systems
Chengui Zhuo, Jianqiang Zhao, Qiqi Wang, Zujin Lin, Haipeng Cai, Huili Pan, Lei Chen, Xiangyu Jin, Hong Jin, Longwei Xu, Xiyan Tao
Summary: The study found that handgrip strength is negatively associated with the risk of CAD, MI, and atrial fibrillation, but not with stroke, hypertension, or heart failure. This suggests that handgrip strength interventions may be explored as potential preventive measures for CVDs.
FRONTIERS IN CARDIOVASCULAR MEDICINE
(2022)
Article
Computer Science, Software Engineering
Xiaoyu Sun, Xiao Chen, Li Li, Haipeng Cai, John Grundy, Jordan Samhi, Tegawende Bissyande, Jacques Klein
Summary: Given the wide adoption of Android devices among consumers, security has become a key concern. Malware writers regularly update their attack mechanisms to hide malicious behavior, posing problems to current research techniques. This work proposes a static approach called HiSenDroid that specifically targets hidden sensitive operations, successfully revealing code aiming to evade detection by dynamic analysis. Experimental results show that certain hidden sensitive behaviors can lead to private data leaks. Overall, HiSenDroid helps security analysts validate potentially sensitive data operations that would have otherwise been unnoticed.
ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY
(2023)
Article
Neurosciences
Haipeng Cai, Ruonan Du, Kebing Yang, Wei Li, Zhiren Wang
Summary: This study used bibliometric and visual analyses to map the current state of global research on electroconvulsive therapy (ECT) for depressive disorder, and to predict future research trends in this area.
FRONTIERS IN HUMAN NEUROSCIENCE
(2022)
Article
Computer Science, Information Systems
Danfeng Daphne Yao, Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Miles Frantz, Ke Tian, Na Meng, Cristina Cifuentes, Yang Zhao, Nicholas Allen, Nathan Keynes, Barton Miller, Elisa Heymann, Murat Kantarcioglu, Fahad Shaon
IEEE SECURITY & PRIVACY
(2022)
Article
Computer Science, Hardware & Architecture
Sazzadur Rahaman, Haipeng Cai, Omar Chowdhury, Danfeng Yao
Summary: Cryptographic program analysis (CPA) proposes using program analysis to detect implementation flaws in cryptographic protocols at compile time. The research found that many flaws in cryptographic implementations stem from violations of meta-level properties. A tool called TaintCrypt uses static taint analysis to identify these violations in C/C++ cryptographic implementations, showing promise in avoiding high-profile flaws and generating new security insights.
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
(2022)
Article
Computer Science, Software Engineering
Yu Nong, Rainy Sharma, Abdelwahab Hamou-Lhadj, Xiapu Luo, Haipeng Cai
Summary: Open science is highly beneficial for making scientific research accessible to everyone, and the software engineering community is advocating for open science policies. However, there have been few studies on the status and issues of open science in SE. This paper fills this gap by focusing on deep learning-based vulnerability detection and providing actionable recommendations for improving open science practices.
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
(2023)
Article
Biology
Edward J. Jacobs IV, Sabrina N. Campelo, Kenneth N. Aycock, Danfeng Yao, Rafael Davalos
Summary: The nonthermal mechanism of irreversible electroporation is important for treating tumors and cardiac tissue in anatomically sensitive areas. A temperature prediction artificial intelligence (AI) model that uses estimated tissue properties, known geometric properties, and easily measurable treatment parameters has been developed. This model accurately predicts temperature rise in various conditions, including realistic simulations and ex vivo perfused porcine livers, with minimal error.
COMPUTERS IN BIOLOGY AND MEDICINE
(2023)
Article
Computer Science, Software Engineering
Yao Li, Tao Zhang, Xiapu Luo, Haipeng Cai, Sen Fang, Dawei Yuan
Summary: This article investigates the extent to which pre-trained language models understand software engineering tasks and discovers an overinterpretation phenomenon where the models confidently make decisions without salient features. The study explores strategies to mitigate this phenomenon and highlights the importance of designing input for AI4SE tasks.
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
(2023)
Proceedings Paper
Computer Science, Hardware & Architecture
Weimin Chen, Zihan Sun, Haoyu Wang, Xiapu Luo, Haipeng Cai, Lei Wu
Summary: WebAssembly (Wasm) smart contracts have gained popularity in the blockchain field, but they also face vulnerabilities. To address the limitations of existing methods, researchers have developed a new tool called WASAI, which can accurately detect vulnerabilities in Wasm smart contracts.
2023 IEEE 43RD INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS, ICDCS
(2023)
Article
Behavioral Sciences
Haipeng Cai, Ruonan Du, Jiaqi Song, Zhiren Wang, Xin Wang, Yongjun Yu, Yanan Wang, Lan Shang, Jianxin Zhang, Kebing Yang, Wei Li
Summary: This study investigated the efficacy and safety of electroconvulsive therapy (ECT) in improving suicidal ideation and depressive symptoms in adolescents with major depressive disorder. The findings showed that ECT treatment significantly improved suicidal ideation and depressive symptoms. Although there were transient impairments in some cognitive functions, they gradually recovered after ECT.
Article
Computer Science, Software Engineering
Haipeng Cai, Xiaoqin Fu
Summary: This paper presents the D(2)ABS framework for dynamic dependence analysis of distributed programs, offering a trade-off between efficiency and precision. By ordering events and utilizing message-passing semantics, the framework can compute method-level dependencies across different processes.
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
(2022)
Proceedings Paper
Computer Science, Information Systems
Wen Li, Jiang Ming, Xiapu Luo, Haipeng Cai
Summary: Despite the limitations of existing program analysis techniques, POLYCRUISE enables holistic dynamic information flow analysis across multiple programming languages, thereby empowering security applications for multilingual software. The evaluation of POLYCRUISE demonstrates its practical scalability and promising capabilities in discovering cross-language security vulnerabilities.
PROCEEDINGS OF THE 31ST USENIX SECURITY SYMPOSIUM
(2022)
Article
Medicine, Research & Experimental
Sharmin Afrose, Wenjia Song, Charles B. Nemeroff, Chang Lu, Danfeng (Daphne) Yao
Summary: Many clinical datasets are imbalanced, leading to errors in machine learning models that prioritize majority groups. We propose a bias correction technique that trains customized models for underrepresented racial and age groups, reducing disparities and improving prediction accuracy.
COMMUNICATIONS MEDICINE
(2022)