Vulnerability Detection on Mobile Applications Using State Machine Inference
Title | Vulnerability Detection on Mobile Applications Using State Machine Inference |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Lee, W. van der, Verwer, S. |
Conference Name | 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |
ISBN Number | 978-1-5386-5445-3 |
Keywords | Android (operating system), Androids, compositionality, finite state machines, Human Behavior, Humanoid robots, Inference algorithms, learning (artificial intelligence), machine learning, Metrics, mobile Android applications, Mobile Application, mobile application security, mobile applications, mobile computing, model inference, program testing, pubcrawl, Resiliency, security, security of data, security violations, state machine inference, state machine learning, Testing, testing methodology, vulnerability detection |
Abstract | Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination with algorithms that discover attack paths in the learned state machine. The presence of an attack path evidences the existence of a vulnerability in the mobile application. We apply our methods to real-life apps and show that the novel methodology is capable of identifying vulnerabilities. |
URL | https://ieeexplore.ieee.org/document/8406555 |
DOI | 10.1109/EuroSPW.2018.00008 |
Citation Key | lee_vulnerability_2018 |