Visible to the public Biblio

Filters: Author is Pistoia, Marco  [Clear All Filters]
2017-10-27
Baluda, Mauro, Pistoia, Marco, Castro, Paul, Tripp, Omer.  2016.  A Framework for Automatic Anomaly Detection in Mobile Applications. Proceedings of the International Conference on Mobile Software Engineering and Systems. :297–298.
It is standard practice in enterprises to analyze large amounts of logs to detect software failures and malicious behaviors. Mobile applications pose a major challenge to centralized monitoring as network and storage limitations prevent fine-grained logs to be stored and transferred for off-line analysis. In this paper we introduce EMMA, a framework for automatic anomaly detection that enables security analysis as well as in-the-field quality assurance for enterprise mobile applications, and incurs minimal overhead for data exchange with a back-end monitoring platform. EMMA instruments binary applications with a lightweight anomaly-detection layer that reveals failures and security threats directly on mobile devices, thus enabling corrective measures to be taken promptly even when the device is disconnected. In our empirical evaluation, EMMA detected failures in unmodified Android mobile applications.
2017-09-15
Tripp, Omer, Pistoia, Marco, Ferrara, Pietro, Rubin, Julia.  2016.  Pinpointing Mobile Malware Using Code Analysis. Proceedings of the International Conference on Mobile Software Engineering and Systems. :275–276.

Mobile malware has recently become an acute problem. Existing solutions either base static reasoning on syntactic properties, such as exception handlers or configuration fields, or compute data-flow reachability over the program, which leads to scalability challenges. We explore a new and complementary category of features, which strikes a middleground between the above two categories. This new category focuses on security-relevant operations (communcation, lifecycle, etc) –- and in particular, their multiplicity and happens-before order –- as a means to distinguish between malicious and benign applications. Computing these features requires semantic, yet lightweight, modeling of the program's behavior. We have created a malware detection system for Android, MassDroid, that collects traces of security-relevant operations from the call graph via a scalable form of data-flow analysis. These are reduced to happens-before and multiplicity features, then fed into a supervised learning engine to obtain a malicious/benign classification. MassDroid also embodies a novel reporting interface, containing pointers into the code that serve as evidence supporting the determination. We have applied MassDroid to 35,000 Android apps from the wild. The results are highly encouraging with an F-score of 95% in standard testing, and textgreater90% when applied to previously unseen malware signatures. MassDroid is also efficient, requiring about two minutes per app. MassDroid is publicly available as a cloud service for malware detection.