deepintent deep icon behavior learning for detecting
play

DeepIntent : Deep Icon-Behavior Learning for Detecting - PowerPoint PPT Presentation

Apr 24, 2023 •354 likes •758 views

DeepIntent : Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps Shengqu Xi 1,* , Shao Yang 2 ,* , Xusheng Xiao 2 , Yuan Yao 1 , Yayuan Xiong 1 , Fengyuan Xu 1 , HaoyuWang 3 , Peng Gao 4 , Zhuotao Liu 5 , Feng Xu

  1. DeepIntent : Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps Shengqu Xi 1,* , Shao Yang 2 ,* , Xusheng Xiao 2 , Yuan Yao 1 , Yayuan Xiong 1 , Fengyuan Xu 1 , HaoyuWang 3 , Peng Gao 4 , Zhuotao Liu 5 , Feng Xu 1 , Jian Lu 1 1 Nanjing University 2 Case Western Reserve University 3 Beijing University of Posts and Telecommunications 4 University of California, Berkeley 5 University of Illinois at Urbana-Champaign ∗ The first two authors contributed equally to this research DeepIntent - CCS 2019

  2. Outline • Background and Motivation • DeepIntent Approach – Icon Widget Analysis – Deep Icon-Behavior Learning – Detecting Intention-Behavior Discrepancy • Experiments • Conclusions DeepIntent - CCS 2019 1

  3. Outline • Background and Motivation • DeepIntent Approach – Icon Widget Analysis – Deep Icon-Behavior Learning – Detecting Intention-Behavior Discrepancy • Experiments • Conclusions DeepIntent - CCS 2019 2

  4. Mobile Apps • Mobile apps are playing an increasingly important role – E.g., travel, education, business • Many apps access sensitive data to meet users’ needs – E.g., camera, location, microphone • However, malicious apps may also illegally collect sensitive data – E.g., exploiting users’ private resources for advertising DeepIntent - CCS 2019 3

  5. Detecting Undesired Behaviors of Apps • Industry: permission-based access control [statista. 2017] – Cons: Difficult to decide when to use the permission • Research: undesired behavior patterns [Huang et al. USENIX Security’15, Nan et al. USENIX Security’15] – Cons: Only capture a fixed set of undesired behaviors Our observation : the UI intentions perceived by users and the undesired behaviors of apps are usually incompatible DeepIntent - CCS 2019 4

  6. Intentions and Behaviors • App's intentions to use sensitive data are often expressed via UI widgets – Mainly through icons and texts • App’s behaviors are performed by program executions – Thousands of APIs, but mainly summarized using permissions DeepIntent - CCS 2019 5

  7. Detecting Intention-Behavior Discrepancy UI Widgets Intention ✔ CALL dial a number Behavior CALL ✔ CALL call permission NONE timing filter icons texts • What are the intentions expressed from icons and contextual texts? • What are the behaviors the Apps really perform? • Are the behaviors compatible with the intentions? 6 DeepIntent - CCS 2019

  8. Challenges • C1 : UI widgets’ intentions – Difficult for computers to understand – Lack of modeling joint semantics • C2 : Program behaviors – Difficult for precise analysis – E.g., handlers, multi-threading, ICC • C3 : Discrepancies – Difficult to correlate intentions and behaviors DeepIntent - CCS 2019 7

  9. Insights • I1 : Same type of sensitive behavior should have similar looks, e.g., to be evident to users – Deep learning to identify similar UI widgets • I2 : Permission uses can be extracted by analyzing the source code of apps – Static analysis to map permissions t0 widgets • I3 : Undesired behaviors usually contradict users expected specific looks – Outlier analysis to detect undesired behaviors DeepIntent - CCS 2019 8

  10. Outline • Background and Motivation • DeepIntent Approach – Icon Widget Analysis – Deep Icon-Behavior Learning – Detecting Intention-Behavior Discrepancy • Experiments • Conclusions DeepIntent - CCS 2019 9

  11. Overview of DeepIntent Icon Widget Analysis Icon-Behavior Icon-Permission Association Mappings Deep Icon- Behavior Training Learning APKs Contextual Contextual Texts Text Extraction for Icons Detecting Intention-Behavior Discrepancy Icon-Behavior Behavior Outlier APK Model Prediction Detection Predicted Abnormal Permission Permission Use Use DeepIntent - CCS 2019 10

  12. Overview of DeepIntent Icon Widget Analysis Icon-Behavior Icon-Permission Association Mappings Deep Icon- Behavior Training Learning APKs Contextual Contextual Texts Text Extraction for Icons Detecting Intention-Behavior Discrepancy Icon-Behavior Behavior Outlier APK • Phase 1: Icon Widget Analysis Model Prediction Detection – Program analysis to extract features (i.e., icons and texts) and labels (i.e., permission uses) of icon widgets Predicted Abnormal Permission Permission Use Use DeepIntent - CCS 2019 11

  13. Overview of DeepIntent Icon Widget Analysis Icon-Behavior Icon-Permission Association Mappings Deep Icon- Behavior Training Learning APKs Contextual Contextual Texts Text Extraction for Icons Detecting Intention-Behavior Discrepancy • Phase 2: Deep Icon-Behavior Learning Icon-Behavior Behavior Outlier APK – Training icon-behavior model based on both icons and Model Prediction Detection their contextual texts, and the corresponding behaviors, i.e., permission uses Predicted Abnormal Permission Permission Use Use DeepIntent - CCS 2019 12

  14. Overview of DeepIntent Icon Widget Analysis • Phase 3: Detecting Intention-Behavior Discrepancy Icon-Behavior Icon-Permission Association Mappings Deep Icon- – Predicts permission uses for icon widgets, and detects Behavior Training abnormal permission uses Learning APKs Contextual Contextual Texts Text Extraction for Icons Detecting Intention-Behavior Discrepancy Icon-Behavior Behavior Outlier APK Model Prediction Detection Predicted Abnormal Permission Permission Use Use DeepIntent - CCS 2019 13

  15. Phase 1: Icon-Behavior Analysis Icon-Widget Association Icon- API Permission Widget-API APK Permission Checking Association Checking Extended Call Graph Construction • Icon-Widget Association • Extended Call Graph Construction • API Permission Checking • Contextual Texts Extraction for Icons DeepIntent - CCS 2019 14

  16. Icon-Widget Association • Associate the UI widgets with icons, i.e., drawable objects – Layout file: XML parsing – Source code: data flow analysis UI Widget Icon UI layout • Adopt static analysis [Xiao et al. ICSE’19] to associate icons and UI widgets DeepIntent - CCS 2019 15

  17. Extended Call Graph Construction • Associate the UI widgets with behaviors, i.e., API calls – Build call graph and patch missing links UI Widget Links Implicit caller and callee pairs captured, except for ICC methods DeepIntent - CCS 2019 16

  18. API Permission Checking • Adopt PScout mapping [Kathy et al. CCS’12] • Output the association between each icon and a set of permissions • Allow one to many mapping – An icon can invoke one or more sensitive APIs – A sensitive API maps to multiple permissions CALL CAMERA MICROPHONE permission permission permission DeepIntent - CCS 2019 17

  19. Contextual Texts Extraction for Icons • Similar icons may reflect different intentions in different UI contexts • Contextual texts – Layout texts that contained in the XML layout files – Icon-embedded texts – Resource names split by variable naming conventions DeepIntent - CCS 2019 18

  20. Phase 2: Deep Icon-Behavior Learning Icon Feature Icon Extraction Feature Behavior Combination Prediction Text Feature Text Learning Extraction Permissions • Icon Feature Extraction • Text Feature Extraction • Feature Combination • Training Icon-Behavior Model DeepIntent - CCS 2019 19

  21. Icon Feature Extraction • CNNs, e.g., DenseNet [Huang et al. CVPR’17] , are successfully used in image recognition and model the icons • Adopt DenseNet with 4 𝑣 channels ( RGBA ) Convolution 𝑔 …… & – 4 dense blocks and 3 transition Input ×3 Icon – Resize icons to 128 * 128 Dense Transition Dense Block Layer Block – Output with 16 * 16 regions DenseNet 𝒈 𝒗 = 𝑬𝒇𝒐𝒕𝒇𝑶𝒇𝒖(𝒗) DeepIntent - CCS 2019 20

  22. Text Feature Extraction • RNNs [Yang et al. NAACL’16] have been successfully applied in various natural language tasks, e.g., textual classification • Bidirectional RNNs 𝑤 send – Embed each word into vector with Embedding sms 𝑔 100 dimension 3 normal – Adopt GRU neurons text – Max length is 20 Input Text Bidirectional RNN 𝒊 𝒋 = 𝑯𝑺𝑽(𝒘 𝒋 , 𝒊 𝒋@𝟐 ) 𝒈 𝒘 = [𝒊 𝟐 , 𝒊 𝟑 , … , 𝒊 𝑶 ] 𝒊 𝒋 = [𝒊 𝒋 , 𝒊 𝒋 ] 𝒊 𝒋 = 𝑯𝑺𝑽(𝒘 𝒋 , 𝒊 𝒋@𝟐 ) DeepIntent - CCS 2019 21

  23. Feature Combination • Intuition – Icon and its text could be semantically correlated – Simultaneously update the icon features and the text features can capture the correlations • Co-Attention [Lu et al. NeurIPS’16, 𝑔 … & 𝐷 B 𝑔 𝑔 & Zhang et al. AAAI’19] B – Compute correlation matrix 𝑔 3 𝑔 3 …… – Transfer the features for each other Icon Feature Co-Attention and Text Feature 𝑵 𝑰 𝒗 = 𝒖𝒃𝒐𝒊(𝑿 𝒗 𝒈 𝒗 + 𝑿 𝒘 𝒈 𝒘 𝑫) 𝒋 𝒈 𝒗 M 𝒈 = M 𝒈 𝒗 + M 𝑼 𝑿 𝒅 𝒈 𝒗 ) 𝒋 𝑫 = 𝒖𝒃𝒐𝒊(𝒈 𝒘 𝒈 𝒗 = N 𝒃 𝒗 𝒈 𝒘 𝒃 𝒗 = 𝒕𝒑𝒈𝒖𝒏𝒃𝒚(𝑿 𝒊 𝑰 𝒗 ) 𝒋O𝟏 DeepIntent - CCS 2019 22

Recommend

Detecting Similar ID Documents Using Deep Learning Burkay Gur QCon.ai, Apr 2018 Our mission is

Detecting Similar ID Documents Using Deep Learning Burkay Gur QCon.ai, Apr 2018 Our mission is

Detecting Similar ID Documents Using Deep Learning Burkay Gur QCon.ai, Apr 2018 Our mission is to create an open financial system for the world Risk & Data What do we do? - Limit Coinbases exposure to risk - Fight Identity

136 views • 13 slides
Mylobot, Detecting the Undetected Using Deep Learning Yael Daihes 02 WHO AM I Yael Daihes

Mylobot, Detecting the Undetected Using Deep Learning Yael Daihes 02 WHO AM I Yael Daihes

01 Mylobot, Detecting the Undetected Using Deep Learning Yael Daihes 02 WHO AM I Yael Daihes Security Data Science Team Lead @ Akamai Technologies My things - Botnets, Traffic, Data, Algorithms, Reading, Painting and a bit of Gaming (:

533 views • 42 slides
Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman, Yacine Chakhchoukh and Frederick T. Sheldon Departments of Computer Science and Electrical & Computer Engineering, University of Idaho, Moscow

425 views • 20 slides
Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep

Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep

Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep Learning Lucas May Petry 1 , Amilcar Soares 2 , Vania Bogorny 1 , Bruno Brandoli 2 , Stan Matwin 2 1 Programa de Ps-Graduao em Cincias da

1.26k views • 16 slides
A Deep Learning-based approach to VM behavior identification in cloud systems Matteo Stefanini,

A Deep Learning-based approach to VM behavior identification in cloud systems Matteo Stefanini,

A Deep Learning-based approach to VM behavior identification in cloud systems Matteo Stefanini, Riccardo Lancellotti, Lorenzo Baraldi, Simone Calderara University of Modena and Reggio Emilia Department of engineering Enzo Ferrari CLOSER

180 views • 16 slides
Runtime Behavior via Deep Sequence Learning Stephen Zekany Daniel Rings Nathan Harada Michael

Runtime Behavior via Deep Sequence Learning Stephen Zekany Daniel Rings Nathan Harada Michael

CrystalBall: Statically Analyzing Runtime Behavior via Deep Sequence Learning Stephen Zekany Daniel Rings Nathan Harada Michael A. Laurenzano Lingjia Tang Jason Mars Introduction Why analyze runtime behavior? How to analyze it for

494 views • 17 slides
ICON 8B ICON 8B MRC Clinical Trials Unit at UCL ICON 8B ICON 8B Accrual began 06/06/2011

ICON 8B ICON 8B MRC Clinical Trials Unit at UCL ICON 8B ICON 8B Accrual began 06/06/2011

ICON 8B ICON 8B MRC Clinical Trials Unit at UCL ICON 8B ICON 8B Accrual began 06/06/2011 and ICON8 pathway closed to recruitment 28/11/2014 Final recruitment figure = 1566 UK= 1397, ANZGOG= 70, GICOM= 43, KGOG= 32, ICORG= 24 MRC

301 views • 6 slides
ICON 8B ICON 8B MRC Clinical Trials Unit at UCL ICON 8B ICON 8B Accrual began 06/06/2011

ICON 8B ICON 8B MRC Clinical Trials Unit at UCL ICON 8B ICON 8B Accrual began 06/06/2011

ICON 8B ICON 8B MRC Clinical Trials Unit at UCL ICON 8B ICON 8B Accrual began 06/06/2011 and ICON8 pathway closed to recruitment 28/11/2014 Final recruitment figure = 1566 UK= 1397, ANZGOG= 70, GICOM= 43, KGOG= 32, ICORG= 24 MRC

227 views • 5 slides
An Exponential LR Schedule for Deep Learning An Exponential LR Schedule for Deep Learning

An Exponential LR Schedule for Deep Learning An Exponential LR Schedule for Deep Learning

An Exponential LR Schedule for Deep Learning An Exponential LR Schedule for Deep Learning (Strange Behavior of Normalization Layers) (Strange Behavior of Normalization Layers) Zhiyuan Li Zhiyuan Li Sanjeev Arora Sanjeev Arora Princeton

161 views • 12 slides
Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V.

Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V.

Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V. Mahoney Philip K. Chan Intrusion Detection Systems. Is data x hostile? Signature - models known hostile behavior: P( x |attack) Good: low

237 views • 22 slides
Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms

Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms

Deep 3D Representation Learning for Visual Computing Hao Su July 6, 2017 Outline Overview of 3D deep learning 3D deep learning algorithms Conclusion 2 Outline Overview of 3D deep learning Background 3D deep learning tasks 3D deep

1.66k views • 122 slides
ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP

ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP

ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY MEDIA & ENTERTAINMENT SECURITY & DEFENSE AUTONOMOUS MACHINES Image

307 views • 26 slides
Detecting and Localizing Anomalous Behavior to Discover Failures in Component-Based Internet

Detecting and Localizing Anomalous Behavior to Discover Failures in Component-Based Internet

Detecting and Localizing Anomalous Behavior to Discover Failures in Component-Based Internet Services Emre Kcman and Armando Fox {emrek, fox}@cs.stanford.edu 16th December 2003 Abstract mittently unavailable to end-users. Our conversations

804 views • 14 slides
Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice Scaling up DL 2 What is Deep Learning? 3 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY SECURITY & DEFENSE MEDIA &

1.45k views • 39 slides
3. Behavioral Perspective of Learning Behavior: Big Questions Is learning just a change of

3. Behavioral Perspective of Learning Behavior: Big Questions Is learning just a change of

3. Behavioral Perspective of Learning Behavior: Big Questions Is learning just a change of behavior? Can learning happen without intent? Can new behavior be shaped by manipulating the environment? 3.1 Classical

848 views • 37 slides
Reproducibility and Replicability in Deep Reinforcement Learning (and Other Deep Learning

Reproducibility and Replicability in Deep Reinforcement Learning (and Other Deep Learning

Reproducibility and Replicability in Deep Reinforcement Learning (and Other Deep Learning Methods) Peter Henderson Statistical Society of Canada Annual Meeting 2018 Contributors Riashat Islam Phil Bachman Doina Precup David Meger Joelle

850 views • 37 slides
EE-559 Deep learning 8. Under the hood Fran cois Fleuret https://fleuret.org/dlc/

EE-559 Deep learning 8. Under the hood Fran cois Fleuret https://fleuret.org/dlc/

EE-559 Deep learning 8. Under the hood Fran cois Fleuret https://fleuret.org/dlc/ [version of: June 5, 2018] COLE POLYTECHNIQUE FDRALE DE LAUSANNE Understanding a networks behavior Fran cois Fleuret EE-559 Deep

2.38k views • 197 slides
Image Classification with DIGITS NVIDIA Deep Learning Institute 1 DEEP LEARNING INSTITUTE DLI

Image Classification with DIGITS NVIDIA Deep Learning Institute 1 DEEP LEARNING INSTITUTE DLI

Image Classification with DIGITS NVIDIA Deep Learning Institute 1 DEEP LEARNING INSTITUTE DLI Mission Helping people solve challenging problems using AI and deep learning. Developers, data scientists and engineers Self-driving cars,

1.44k views • 72 slides
IMEC.ICON INFORMATION SESSION JUNE 9, 2017 AGENDA imec imec.icon What is an imec.icon project?

IMEC.ICON INFORMATION SESSION JUNE 9, 2017 AGENDA imec imec.icon What is an imec.icon project?

THIS IS THE TITLE SLIDE IMEC.ICON INFORMATION SESSION JUNE 9, 2017 AGENDA imec imec.icon What is an imec.icon project? Expected outcome of an imec.icon Examples Application procedure VLAIO and Innoviris funding IPR and Contracts imec is

993 views • 95 slides
Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and

Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and

Deep Neural Networks and Deep Reinforcement Learning Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and Courville [chapt. 6,7,8]; AIMA [sect. 21.1-21.3]; Sutton and Barto, Reinforcement Learning: an

527 views • 35 slides
Natural Language Processing with Deep Learning CS224N The Future of Deep Learning + NLP Kevin

Natural Language Processing with Deep Learning CS224N The Future of Deep Learning + NLP Kevin

Natural Language Processing with Deep Learning CS224N The Future of Deep Learning + NLP Kevin Clark Deep Learning for NLP 5 years ago No Seq2Seq No Attention No large-scale QA/reading comprehension datasets No TensorFlow or

1.41k views • 92 slides
An Overview of Deep Residual Learning Semih Yagcioglu 01.03.2016 Deep Residual Learning

An Overview of Deep Residual Learning Semih Yagcioglu 01.03.2016 Deep Residual Learning

An Overview of Deep Residual Learning Semih Yagcioglu 01.03.2016 Deep Residual Learning Microsoft Research Asia (MSRA) Kaiming He, Xiangyu Zhang, Shaoqing Ren, & Jian Sun. Deep Residual Learning for Image Recognition. arXiv

1.32k views • 54 slides
Faster Agreement via a Spectral Method for Detecting Malicious Behavior Valerie King Jared

Faster Agreement via a Spectral Method for Detecting Malicious Behavior Valerie King Jared

Faster Agreement via a Spectral Method for Detecting Malicious Behavior Valerie King Jared Saia Abstract to be reliable. What happens if a hidden cabal generates bits that are not truly random? Can we detect and We address the problem

340 views • 16 slides
Deep Reinforcement Learning [Mastering the Game of Go with Deep Reinforcement Learning and Tree

Deep Reinforcement Learning [Mastering the Game of Go with Deep Reinforcement Learning and Tree

Deep Reinforcement Learning [Mastering the Game of Go with Deep Reinforcement Learning and Tree Search, Nature 2016] CS 486/686 University of Waterloo Lecture 21: July 12, 2017 Outline AlphaGo Supervised Learning of Policy Networks

540 views • 15 slides

More recommend