We propose PICARD (ProbabIlistic Contract on Android), a framework to generate probabilistic contracts to detect repackaged applications for Android smart phones. A contract describes the sequences of actions that an application is allowed to perform at run-time, i.e. its legal behavior. In PICARD, contracts are generated from the set of traces that represent the usage profile of the application. Both the contract and the application's run-time behavior are represented through clustered probabilistic automata. At run-time, the PICARD monitoring system verifies the compliance of the application trace with the contract. This approach is useful in detecting repackaged applications, whose behavior is strongly similar to the original application but it differs only from small paths in the traces. In this paper, we discuss the framework of PICARD for describing and generating contracts through probabilistic automata and introduce the notion of Action Node, a cluster of related system calls, used to represent high level operations. Then, we present a first set of preliminary experiments on repackaged applications, to evaluate the viability of the proposed approach.

Probabilistic Contract Compliance for Mobile Applications

Fabio Martinelli;Andrea Saracino;Daniele Sgandurra
2013

Abstract

We propose PICARD (ProbabIlistic Contract on Android), a framework to generate probabilistic contracts to detect repackaged applications for Android smart phones. A contract describes the sequences of actions that an application is allowed to perform at run-time, i.e. its legal behavior. In PICARD, contracts are generated from the set of traces that represent the usage profile of the application. Both the contract and the application's run-time behavior are represented through clustered probabilistic automata. At run-time, the PICARD monitoring system verifies the compliance of the application trace with the contract. This approach is useful in detecting repackaged applications, whose behavior is strongly similar to the original application but it differs only from small paths in the traces. In this paper, we discuss the framework of PICARD for describing and generating contracts through probabilistic automata and introduce the notion of Action Node, a cluster of related system calls, used to represent high level operations. Then, we present a first set of preliminary experiments on repackaged applications, to evaluate the viability of the proposed approach.
2013
Istituto di informatica e telematica - IIT
Android
Malware
Probabilistic contract
Repackaging
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/247529
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact