Since their inception a decade ago, smartphones have become the pillars of our digital life, storing security-sensitive information ranging from medical and banking data to our entire electronic communication history. Due to our increasing reliance on mobile applications in daily life, there has been a steady increase in both the number and sophistication of mobile malware samples. This project's impact is to make it easier for users and organizations to identify malicious applications, and thereby to prevent people around the globe from becoming victims of mobile malware. Its novelty lies in developing advanced program analysis and natural language processing techniques that identify salient characteristics of different malware families and use them to detect previously unknown malware instances.
This project's technical effort is focused on several fronts. The first is the matching of "anti-protocols", which are sequences of abstract events characterizing malicious behavior. The investigators will explore approaches for identifying anti-protocols and matching them both exactly and approximately against apps. Second, since malware instances typically disguise themselves through behavioral obfuscation, the project will investigate new techniques for reasoning precisely and accurately about obfuscated mobile applications. Finally, detecting malware may require identifying inconsistencies with behavior that might be specified in natural language. The investigators will develop techniques for characterizing the alignment between a program's stated operation and its formally analyzed fingerprint in order to spot unexpected, possibly malicious behavior.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.