Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Web-based Security Analysis Tool for Android Applications

483 views

Published on

a web-based security analysis tool for android applications poster session at Advanced Cyber Security Center Annual Conference 2014, Boston, Nov 5th, 2014.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Web-based Security Analysis Tool for Android Applications

  1. 1. WebVbasedhSecurityhAnalysishToolh forhAndroidhApplications ComputerhSciencehDepartmentPhMetropolitanhCollege NebiyuhFelekePhTandhyhSimanjuntakPhWenjiehShiPhYutinghZhangPhLouhChitkushevhh naberraPhtandhyPhwjshiPhdanazhPhltc@bu.edu Architecture OnNgoingIWork OurITool EveryhfifthhAndroidVbasedhdevicehwithhKasperskyhsolutionshwash attackedhbyhmalwarehduringhreportedhperiod OtherIWebNbasedIAnalysisITools Motivation www.idc.com www.kaspersky.com www.kaspersky.com Anubis AIwebIportalIofIandroidIapplicationsIsecurity ApplicationISecurityIAnalysisIbasedIonICategory ImplicitIOpenIomponentsIinIFinanceIandIMedicalIApplications PercentageIofITotalIOverIPrivilegeIApplicationsIbasedIonICategory ProposedIWork AIframeworkItoIanalyzeItheIsecurityIofIandroidIapplicationsIthroughIstaticIanalysis ProposeIandIimplementIaInumberIofImetricsIcomplementaryItoIthoseIinImanyIexistingIwebNbasedIanalysisItools: IdentifyIOverIPrivilege IdentifyIReNDelegation IdentifyIDangerousIPermissionsICombinationI IdentifyIOpenIComponents IdentifyIHiddenIFileIandICodeILoading IdentifyIRootIExploitIandIMaliciousIDomain AnalysishToolhPage SearchhToolhPage ApplicationISecurityIEvolutionIAnalysis IdentifyIandIclassifyIapplicationsIwithIsimilar functionalityIbasedIonIapplicationsEIdescriptionsIusingI keywordIanalysis InvestigateItheIassociationIbetweenIkeywordsIand otherIsecurityImetricsIsuchIasIpermissions PerformIbothIindividualIandIcollectiveIanalysis ReNdelegation OpenIComponents OverNprivilege DangerousIPermissionsICombination HiddenIFiles MaliciousIDomains RootIExploit CodeILoading TypesIofIMetricsIChangedI DistributionhofhAddedhVulnerabilities DistributionhofhDeletedhVulnerabilities ProposedIWork IdentifyImoreIsecurityImetricsIthatIcanIbe usedIforIevolutionIanalysis,IincludingIthose usedIinIotherIexistingItools InvestigateItheIpossibleIsecurityIevolution patternsIofIapplications InvestigateItheIpossibleIsecurityIpatternsIofI applicationsIwithIsimilarIfunctionality NumberIofITypesIofIMetricsIChangedI PercentageIofIDatasetI MetricsIinclude: DetailsIofIThreeIMetricsI TypeIofIMetricsI PercentageIofIDatasetI NumberIofIAddedIVulnerabilitiesI PercentageIofIApplicableIDatasetI PercentageIofIApplicableIDatasetI NumberIofIDeletedIVulnerabilitiesI TotalIDownloadedIApplicationsIbasedIonICategory IPercentageIofIRootIExploitIApplicationsIbasedIonICategory TotalINumberI Category TotalIPercentageI Category TotalIPercentageI Category InvestigateIpossibleIupdateIattacks, particularlyIthroughIanomalyIdetection

×