This month CSI Ph.D. students Xiaorui Pan and Xueqiang Wang attended the Network and Distributed System Security Symposium 2017 in San Diego, California. There, among leaders in university research, Chief Technology and Privacy Officers, Security Analysts and Administrators, Xiaorui presented their research, “Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps”.
The NDSS symposium is a national gathering that aims to improve security through information exchange between experts in the security field. Our students’ research, presented by Xiaorui Pan, addresses hidden sensitive operations within Android applications that present a security threat.
Hidden sensitive operations (HSO), such as stealing private user data upon receiving an SMS message, are increasingly utilized by mobile malware and other potentially-harmful apps (PHAs) to evade detection. Identification of such behaviors is hard, due to the challenge in triggering them during an app's runtime. Current static approaches rely on the trigger conditions or hidden behaviors known beforehand and therefore cannot capture previously unknown HSO activities. Also, these techniques tend to be computationally intensive and therefore less suitable for analyzing a large number of apps. As a result, our understanding of real-world HSO today is still limited, not to mention effective means to mitigate this threat.
Detection methods for HSO triggers constituted the bulk of the presentation. These methods required the strong knowledge of the Android landscape that our researchers brought to bear. For detection, the team applied a combination of machine learning and lightweight program analysis. The presentation also showed first steps towards generic evasion detection techniques, the prevalence of HSOs, and the need for further work on countermeasures.
Xiaorui Pan is a Ph.D. student at the School of Informatics and Computing, Indiana University Bloomington. His current research interests are applying analysis technologies (data and program analysis) to malware detection and vulnerability discovery. Xueqiang Wang is also a Ph.D. student, working in mobile security.