Navigation-aware and Personalized Prefetching of Network Requests in Android Apps [ICSE 2019 NIER track]

•

0 likes•445 views

Slides of my presentation at the NIER track of the 41th International Conference on Software Engineering (ICSE 2019). The paper is available here: http://www.ivanomalavolta.com/files/papers/ICSE_2019_NAPPA.pdf

Technology

Navigation-aware and Personalized
Prefetching of Network Requests in
Android Apps
Ivano Malavolta, Vrije Universiteit Amsterdam
Francesco Nocera, Polytechnic University of Bari
Patricia Lago, Vrije Universiteit Amsterdam
Marina Mongiello, Polytechnic University of Bari

Network prefetching
2
▣ Most apps interact with backend services
via HTTP-based RESTful interactions
▣ à ~800 ms of latency before showing the
actual data for each request
▣ PREFETCHING = loading data before it is
required to decrease the user-perceived
waiting time
Backend

NAPPA at development time
5
Original
app
Extract
activities
Inject navigation
probes
Inject extra
probes
ENG
instrumentation
Instantiate
network
interceptor

NAPPA at run-time
6
Prefetching-enabled app
Instrumented
code
Extras
monitor
Prefetcher
Backend
Network
interceptor
0.8
0.10.1
0.5
0.5
URL map
ENG
triggers
populates
fetches
fetches
analyses
Navigation
monitor
fetches
update

What’s next?
7
▣ Empirical evaluation
▣ Different prefetching algorithms
□ Greedy algorithm à ENG as a Markov chain?
▣ Detecting dynamic URL fragments beyond intent extras
□ URL fragments emerging from user input, local DBs, shared preferences,
etc.
□ Dynamic taint analysis?
▣ Extend the current prototype
□ https://github.com/S2-group/NAPPA
DATASET OF REAL
USAGE SCENARIOS
NEEDED!

 What is SPYWARE?  Spyware is a type of malware that's hard to detect.  It collects information about your surfing habits, browsing history, or personal information (such as credit card numbers), and often uses the internet to pass this information along to third parties without you knowing. o Key loggers are a type of spyware that monitors your key strokes.  Spyware is mostly classified into four types:  1.System monitors  2.Trojans  3.Adware  4.Tracking Cookies spyware is mostly used for the purposes of tracking and storing internet users' movements on the web and serving up pop-up ads to internet users.  History and development of spyware.  The first recorded on October 16, 1995 in a UseNet post that poked fun at microsoft's business model.  Spyware at first denoted software meant for espionage purposes.  However, in early 2000 the founder of zone labs, gregor freund, used the term in a press release for the zone alarm personal firewall.  Use of exploits in JavaScript, internet explorer and windows to install.  Effect and behavior.  Unwanted behavior and degradation of system performance.  Unwanted CPU activity, disk usage, and network traffic.  Stability issues:-  Application's freezing.  Failure to boot.  System-wide crashes.  Difficulty connecting to the internet.  Disable software firewalls and anti-virus software.  Routes of infection.  Installed when you open an email attachment.  Spyware installs itself  Install by using deceptive tactics  Common tactics are using a Trojan horse.  USB Keylogger.  browser forces the download and installation of spyware.  Security Practices. • Installing anti-spyware programs. • Network firewalls and web proxies to block access to web sites known to install spyware • Individual users can also install firewalls. • Install a large hosts file. • It Install shareware programs offered for download. • Downloading programs only from reputable sources can provide some protection from this source of attack  Anti-spyware Programs • Products dedicated to remove or block spyware. • Programs such as pc tool’s spyware doctor, lava soft's ad-aware se and patrick kolla's spybot - search & destroy.  Legal Issues.  Criminal law  US FTC actions  Netherlands OPTA  Civil law  Libel suits by spyware developers  Webcam Gate Thank You! Stay Connected Stay connected with me at Facebook :- https://www.facebook.com/mangesh.wadibhasme Follow at Instagram: - @mangesh_hkr

Mobile Penetration Testing: Episode 1 - The Forensic Menace

NowSecure

Webinar On Ethical Hacking & Cybersecurity - Day2

Mohammed Adam

Basics of getting Into Bug Bounty Hunting

Muhammad Khizer Javed

Preparing for the Internet Zombie Apocalypse

Pantheon

This presentation talks about OWASP Mobile Risk M2 i.e. Insecure Data Storage. The agenda of the presentation is to understand the Data Storage and effect of insecure data storage. Then it also had demo's of known insecure data storage flaws. Methods to identify this flaw and various precautions that a developer should take to prevent this flaw. The presentation was done as part of null/OWASP/G4H Monthly Meet

Spyware by Sahibe Alam

sahibe alam

Content Management System Security

Samvel Gevorgyan

Content Management System Security. How to secure your CMS? Common rules: + Choose your CMS with both functionality and security in mind + Update with urgency + Use a strong password (admin dashboard access, database users, etc.) + Have a firewall in place (detect or prevent suspicious requests) + Keep track of the changes to your site and their source code + Give the user permissions (and their levels of access) a lot of thought + Limit the type of files to non-executables and monitor them closely + Backup your CMS (daily backups of your files and databases) + Uninstall plugins you do not use or trust.

Viruses Spyware and Spam, Oh My!Joel May

Web tools ppt

Tamara Pia Agavi

Spywareguest6fde72

Web Application Penetration Testing Introductiongbud7

Teaching Your Staff About Phishing

Legal Services National Technology Assistance Project (LSNTAP)

Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin

Web security: concepts and tools used by attackers

tomasperezv

Owasp top 10 vulnerabilities

OWASP Delhi

technical-information-gathering-slides.pdf

MarceloCunha571649

The evolving threat in the face of increased connectivity

APNIC

What's hot

SpywareKardan university, kabul , Afghanistan

The Quiet Rise of Account Takeover

IMMUNIO

spyware

maaza mohammed

A5: Security Misconfiguration

Tariq Islam

Vulnerabilidades en sitios web (english)Miguel de la Cruz

Web Site vulnerability Sales and Consultingguest4cee27ac

DEFINING A SPYWARE

unnecessary34

Web application Security tools

Nico Penaredondo

Spyware and key loggers

Ganeshdev Chavhan

Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014

Anant Shrivastava

Spyware by Sahibe Alam

sahibe alam

Content Management System Security

Samvel Gevorgyan

Viruses Spyware and Spam, Oh My!Joel May

Web tools ppt

Tamara Pia Agavi

Spywareguest6fde72

Web Application Penetration Testing Introductiongbud7

Teaching Your Staff About Phishing

Legal Services National Technology Assistance Project (LSNTAP)

Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin

Web security: concepts and tools used by attackers

tomasperezv

Owasp top 10 vulnerabilities

OWASP Delhi

What's hot (20)

Spyware

The Quiet Rise of Account Takeover

spyware

A5: Security Misconfiguration

Vulnerabilidades en sitios web (english)

Web Site vulnerability Sales and Consulting

DEFINING A SPYWARE

Web application Security tools

Spyware and key loggers

Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014

Spyware by Sahibe Alam

Content Management System Security

Viruses Spyware and Spam, Oh My!

Web tools ppt

Spyware

Web Application Penetration Testing Introduction

Teaching Your Staff About Phishing

Owasp advanced mobile-application-code-review-techniques-v0.2

Web security: concepts and tools used by attackers

Owasp top 10 vulnerabilities

Similar to Navigation-aware and Personalized Prefetching of Network Requests in Android Apps [ICSE 2019 NIER track]

technical-information-gathering-slides.pdf

MarceloCunha571649

The evolving threat in the face of increased connectivity

APNIC

Demystify Information Security & Threats for Data-Driven Platforms With Cheta...

Chetan Khatri

Computer security

Mohamed Abdo

Secret Performance Metric - Armada JS.pdf

Anna Migas

During this talk, she will give an insight on her work with the app that is dedicated towards the users who are working with it in not-so-ideal conditions with an unreliable connection and how to guide them through this experience. We will chat about the cases when web performance metrics as we know it will not be applicable and what can we do to ensure the user will be able to successfully navigate the app using the well designed information and some performance tricks. She will also share details about the background of users in Africa and how their perception might differ from the users we typically develop for—since these are the fastest growing markets, it is possible that the audience will stumble upon these issues sooner than later.

The secret web performance metric no one is talking about

Anna Migas

As presented as JSConf Korea. https://2022.jsconf.kr/en/speakers/anna-migas Web performance and its impact on the user experience has been a huge topic over past few years. After working for over a year on a project directed towards emerging markets (namely Nigeria and Kenya), I came to realise that the popular web performance metrics are all centred around a specific type of person: someone who is used to the fast and reliable connection. In my talk I want to share my experience on how to look at the overall web performance with the new metric in mind - user’s patience. During my talk, I want to give an insight on my work with the app that is dedicated towards the users who are working with it in not-so-ideal conditions with an unreliable connection and how to guide them through this experience. I want to chat about the cases when web performance metrics as we know it will not be applicable and what can we do to ensure the user will be able to successfully navigate the app using the well designed information and some performance tricks. I will also share details about the background of users in Africa and how their perception might differ from the users we typically develop for—since these are the fastest growing markets, maybe soon this knowledge come useful to you too

Wenger Replacing IP Filtering: Challenges for Academic Libraries

National Information Standards Organization (NISO)

OSINT Social Media Techniques - Macau social mediat lc

Cyber Threat Intelligence Network

Secret Web Performance Metric - DevDayBe

Anna Migas

After working for over a year on a project directed towards emerging markets (namely Nigeria and Kenya), I came to realise that the popular web performance metrics are all centred around a specific type of person: someone who is used to the fast and reliable connection. In my talk I want to share my experience on how to look at the overall web performance with the new metric in mind - user’s patience. I have a set of tips and tricks how to prepare for the scenario where the loading time is going to be an issue.

bh-usa-07-grossman-WP.pdf

cyberhacker7

APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol

apidays

APIsecure 2023 - The world's first and only API security conference March 14 & 15, 2023 Android Applications and API Hacking Gabrielle Botbol, Ethical Hacker |Award-winning Pentester | Artemis Red Team | Board Member | Speaker | Mentor ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...

IRJET Journal

PersoApp - Secure and User-Friendly Internet Applications

Sven Wohlgemuth

Secret performance metric - Modern Frontends

Anna Migas

Hacking Client Side Insecuritiesamiable_indian

Web performance optimisations for the harsh conditions - Anna Migas

Wey Wey Web

Web performance optimisations for the harsh conditions.pdf

Anna Migas

Small web performance tweaks and optimisations might not make a difference for some of the users: there can be physical barriers that will make it impossible to achieve the fast page load and the smooth browsing. After working for over a year on a project directed towards emerging markets (namely Nigeria and Kenya), I came to realise that the popular web performance metrics are all centred around a specific type of person: someone who is used to the fast and reliable connection. But when the conditions are not ideal on daily basis, what are our choices? In my talk we will chat about the improvements that will have real impact on the user experience for users browsing the web in the harsh conditions. I will also share details about the background of users in Africa and how their perception might differ from the users we typically develop for.

End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)

BAKOTECH

Palo Alto Networks - инновационная платформа сетевой безопасности ядром которой является next generation firewall, на базе уникальной, разработанной PA Networks технологии App-ID, обеспечивает безопасность сети на уровне приложений, пользователей и контента с использованием как физической так и виртуальной архитектуры. Решения сетевой защиты PAN соответствуют самым высоким требованиям к сетевой безопасности, как по производительности так и по функциональности, и являются безусловными лидерами отрасли, что подтверждено отчетами Gartner, количеством пользователей и растущим объемом продаж компании.

End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...

BAKOTECH

OSINT Basics for Threat Hunters and Practitioners

Megan DeBlois

This presentation was created for the SWIFT Tech Symposium at Calpoly Pomona. Learn the basics of OSINT, but for hunting Internet infrastructure. -OSINT Basics: Let’ s talk about what it is, why it’s important, how it’s used in the world of Internet infrastructure. -Understanding Different Use Cases: We’ll take a quick look at examples of how this is valuable for threat hunters, security practitioners, as well as researchers. -Practice, practice, practice: I’ll end this talk by sharing out some good resources and ideas for how you can sharpen your OSINT skills for security research or for better organization defense.

Similar to Navigation-aware and Personalized Prefetching of Network Requests in Android Apps [ICSE 2019 NIER track] (20)

technical-information-gathering-slides.pdf

The evolving threat in the face of increased connectivity

Demystify Information Security & Threats for Data-Driven Platforms With Cheta...

Computer security

Secret Performance Metric - Armada JS.pdf

The secret web performance metric no one is talking about

Wenger Replacing IP Filtering: Challenges for Academic Libraries

OSINT Social Media Techniques - Macau social mediat lc

Secret Web Performance Metric - DevDayBe

bh-usa-07-grossman-WP.pdf

APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol

IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...

PersoApp - Secure and User-Friendly Internet Applications

Secret performance metric - Modern Frontends

Hacking Client Side Insecurities

Web performance optimisations for the harsh conditions - Anna Migas

Web performance optimisations for the harsh conditions.pdf

End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)

End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...

OSINT Basics for Threat Hunters and Practitioners

More from Ivano Malavolta

Conducting Experiments on the Software Architecture of Robotic Systems (QRARS...

Navigation-aware and Personalized Prefetching of Network Requests in Android Apps [ICSE 2019 NIER track]

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Navigation-aware and Personalized Prefetching of Network Requests in Android Apps [ICSE 2019 NIER track]

Similar to Navigation-aware and Personalized Prefetching of Network Requests in Android Apps [ICSE 2019 NIER track] (20)

More from Ivano Malavolta

More from Ivano Malavolta (20)

Recently uploaded

Recently uploaded (20)

Navigation-aware and Personalized Prefetching of Network Requests in Android Apps [ICSE 2019 NIER track]