
Data-Driven Android Malware Detection And Android App Vulnerability Discovery

Posted on: 2020-12-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Chen
GTID: 1368330596967926
Subject: Computer application technology

Abstract/Summary:
The widespread use of a massive number of mobile apps is a typical phenomenon of the big data era. With the rapid development of mobile devices, mobile apps have become the most popular way of accessing the Internet and performing daily tasks (e.g., shopping, paying, chatting, and reading). Over 85% of mobile devices use the Android system. Recently, more attackers have moved from PC to mobile platforms. The research directions of greatest concern in the field of mobile app security are as follows: (1) Android malware. Attackers use malicious code to attack Android apps and achieve illegal purposes, such as stealing users' personal data and pushing advertisements. (2) Android app vulnerabilities. Among them, Android users are most concerned about vulnerabilities related to the leakage of sensitive personal data. Meanwhile, Android app vulnerabilities also promote the development of related Android malware. Therefore, these two problems seriously affect the security of the Android app ecosystem. In view of these two aspects, the main goal of this paper is to effectively reduce the security risk of the Android app ecosystem through Android malware detection and Android app vulnerability discovery.

There are many types of methods for detecting Android malware. Compared with methods based on signature matching, malicious behavior definition and data-flow analysis, machine learning-based approaches achieve better results in the field of Android malware detection and are able to identify variants of malware. However, machine learning-based approaches have some problems: (1) The current malware dataset is small, outdated, and imbalanced. (2) The feature set only contains permissions and API calls, and lacks semantics. (3) The process consumes too much time and resources. (4) The process of Android malware detection is based on an ideal environment. These approaches do not consider the attack scenario in an adversarial environment.

In addition, there are also some problems in Android app vulnerability discovery: (1) lack of a baseline of app vulnerabilities; (2) lack of an automated sensitive data identification technique, which leads to a large number of false positives; (3) lack of app vulnerability validation from industrial feedback. Based on these observations, we focus on Android malware detection and app vulnerability discovery, and make an in-depth analysis as follows.

· We first propose a feature selection approach based on statistical analysis and information gain to select more semantic features. The dataset used in this paper comes from Pangu, an enterprise partner. Based on the dataset and the selected features, we propose a streaminglized machine learning-based system for detecting Android malware, which is one of the benchmarks in Android malware detection.

· We first propose a similarity-based system for adversarial Android malware detection, KuafuDet. We also make our Android malware dataset publicly available. To date, it has attracted more than 60 researchers from academic institutes around the world.

· For the first time, we propose an automated sensitive data identification technique to determine whether data is user-sensitive data. We further combine the result of data identification with a data-flow analysis technique. We implemented a system, AUSERA, which helps to discover app vulnerabilities. We detected 2,157 app vulnerabilities in 693 mobile banking apps and reported them to the corresponding 60 companies. 21 banking companies have confirmed our reported vulnerabilities, 52 of which have been patched. We set up several in-person or online meetings with banking entities from the UK, India, China, Singapore, and Hong Kong, e.g., HSBC, OCBC, DBS, and BHIM, to understand the policies they follow.

The experiment based on the research proves that the security risk of the Android app ecosystem can be effectively and efficiently reduced through the investigation of Android malware and the discovery of Android app code vulnerabilities, thus improving the overall security of the Android app ecosystem.
Keywords/Search Tags: Android Malware, Android App Vulnerability, Adversarial Machine Learning, Automated Data Identification, Data-flow Analysis