neural augmented static analysis of android communication
play

Neural-Augmented Static Analysis of Android Communication Jinman - PowerPoint PPT Presentation

Dec 15, 2023 •452 likes •850 views

Neural-Augmented Static Analysis of Android Communication Jinman Zhao , Aws Albarghouthi, Vaibhav Rastogi, Somesh Jha, Damien Octeau University of Wisconsin-Madison, Google Use machine learning Key Idea to refine results from static

  1. Neural-Augmented Static Analysis of Android Communication Jinman Zhao , Aws Albarghouthi, Vaibhav Rastogi, Somesh Jha, Damien Octeau University of Wisconsin-Madison, Google

  2. Use machine learning Key Idea to refine results from static analysis.

  3. Static Analysis: False Positives Program & Property Static Analyzer Must True Unsure... Must False False Positives Ranking problem

  4. Machine Learning to Augment Program & Property Static Analyzer Must True Likelihood ∈ [0, 1] Unsure... Must False Train Model Predict

  5. Link Inference for Android Communication Inter-Component Communication Links Program & Property Static Analyzer Must True May Must False Must True Likelihood ∈ [0, 1] Must False Links Links Links Train Model Predict

  6. Task Link Inference in Android Communication

  7. Android ICC: A User’s Experience (xxx) xxx-xxxx Restaurant Malicious APP 1234 Alice St. Orlando, FL Send a message I’d like to make a reservation ... Inter-Component Intent Component Communication w/ Filter

  8. Android ICC: An Example Code View (part of) the resolution logic Intent ICC link? Yes! Filter

  9. (Bigger part of) the resolution logic (Octeau et al., POPL’16)

  10. Previous Work: PRIMO PRIMO (Octeau et al., POPL’16) uses a hand-crafted ● probabilistic model that assigns probabilities to ICC links inferred by static analysis. Laborious, error-prone and requiring expert domain knowledge. ○ Difficulty catching up with constantly evolving Android system. ○

  11. Questions

  12. #1 How can we triage may links with minimal expert domain knowledge? Neural networks.

  13. #2 How can we process inputs of complex data types in a systematic way? Type-directed encoder.

  14. #3 How do our models perform? Very good!

  15. #4 Are the models learning the right things? Seems like so.

  16. We are not trying to… We are trying to… Propose new NN Propose systematic way ● ● module to construct NN Eliminate use of domain Provide decent ● ● knowledge performance without Rule out manual effort expert knowledge ● Use less labour with ● more automation

  17. How can we triage may Approach links with minimal expert domain knowledge? Part 1

  18. Link-Inference Neural Network LINN: An end-to-end encoder-and-classifier architecture. Must Train Model True Links [0,1] May Classifier Links Predict Encoder Encoder Must True Intent Filter Links

  19. How can we process inputs Approach of complex data types in a systematic way? Part 2

  20. Model [0,1] Classifier Encoder Encoder Intent Filter

  21. Type-Directed Encoder TDE: mapping type signature to neural network architecture. Rules Instan TDE Input Type TDE tiation Template Type signature Neural network Neural network template

  22. An example: Encoding Product Types Instance t := (a, b) t-en : R l Type T := tuple(A, B) encT comb R n ⨉ R m ➝ R l a-en : R n b-en : R m encA encB encA encB a : A b : A t : T

  23. Rules for type-directed encoding

  24. Android ICC: Our Abstraction intent Type signatures tuple Intent intent := tuple(act, cats) act cats Action act := optional(string) Categories cats := set(string) optional set Filter filter := tuple(acts, cats) string string Actions acts := set(string) list Categories cats := set(string) list char char

  25. Type-Directed Encoder intent-en intent comb act-en cats-en tuple act cats union aggr Rules optional set str-en str-en string string flat flat list char-en list char-en char char enum enum char char Type signature Neural network template

  26. Type-Directed Encoder: Instantiation intent-en comb TreeLSTM act-en cats-en union aggr switch TreeLSTM Instantiation str-en str-en flat flat CNN CNN char-en char-en enum enum lookup lookup char char Neural network Neural network template ( typed-tree )

  27. Type-Directed Encoder: Instantiation intent-en comb concat act-en cats-en union aggr switch max Instantiation str-en str-en flat flat RNN RNN char-en char-en enum enum lookup lookup char char Neural network Neural network template ( str-rnn )

  28. A systematic way to build and explore structured NN.

  29. Are our models correctly Experiments predicting links?

  30. Setup ● Dataset of 10,500 Android APPs from Google Play. ● IC3 (Octeau et al., ICSE’15) for static analysis. ● PRIMO’s abstract matching for may/must partition. ● Simulated ground truth for may links. ● 4 instantiations of the TDE architecture. # pairs # positive # negative training set 105,108 63,168 41,940 testing set 43,680 29,260 14,420

  31. All instantiated models perform as good as PRIMO.

  32. Correlation Our best model ( typed-tree ) fills the correlation gap by 72% compared to PRIMO despite the harder setting.

  33. More Results for Our Best Model ROC (left) and the distribution of predicted likelihood (right) from typed-tree model. Distribution Correlation

  34. How do we know the model Interpretability is learning the right thing?

  35. Sensitivity to Masking Picking distinctive values Ignoring less useful parts

  36. default Learned Encodings (.*) Semantically closer values receive more similar encodings. None Visualized by t-SNE.

  37. ● Neural-augmented static analysis ● Type-directed encoder Conclusion ● Increased accuracy with less domain knowledge ● Interpretability study

  38. ● Apply to other analysis tasks Future Works ● Push machine learning into static analysis procedure

  39. Thanks for listening! Q & A

Recommend

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al [FSE 14] Presented by Maaz Ahmad The Malware Problem (Feb, 2015) Motive Security Labs estimates 16 million infected mobile devices. [1]

828 views • 30 slides
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Android Framework Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android Alexandre Bartel University of Luxembourg September 8, 2014 Supervisor: Yves Le Traon Advisors:

992 views • 77 slides
Kotlin Static Analysis with Android Lint Tor Norbye @tornorbye Outline Lint Philosophy

Kotlin Static Analysis with Android Lint Tor Norbye @tornorbye Outline Lint Philosophy

Kotlin Static Analysis with Android Lint Tor Norbye @tornorbye Outline Lint Philosophy Lint Features How to write a lint check Basics Testing Kotlin Lint Infrastructure Features Gotchas Futures Android Lint

1.79k views • 137 slides
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications Daniele Gallingani, Rigel Gjomemo , V.N. Venkatakrishnan, Stefano Zanero Android Message Passing Mechanism Android apps are composed of

566 views • 23 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
The Potential of Memory Augmented Neural Networks Dalton Caron Montana Technological University

The Potential of Memory Augmented Neural Networks Dalton Caron Montana Technological University

The Potential of Memory Augmented Neural Networks Dalton Caron Montana Technological University November 15, 2019 Overview Review of Perceptron and Feed Forward Networks Recurrent Neural Networks Neural Turing Machines

1.27k views • 57 slides
1 Analysis Information Where Do Facts Hold? How much information depends on the client

1 Analysis Information Where Do Facts Hold? How much information depends on the client

711? CS711 Advanced Programming Languages Topics in Program Analysis Radu Rugina Fall 2005 CS711 Overview 2 Program Analysis Static vs. Dynamic Static analysis: inspect programs at compile-time Static analysis: Work done at

282 views • 4 slides
A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical problem and how to ignore it An example static analysis What is static analysis used for? Commercial successes Free static analysis tools you should

490 views • 37 slides
Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Interesting Questions Interesting Questions Is every statement reachable? Does every non- void method return a value? Compilation 2007 Compilation 2007 Will local variables definitely be assigned before Static Analysis Static

169 views • 13 slides
Locus Innovative Augmented Reality Communication Overview Locus is an augmented reality app

Locus Innovative Augmented Reality Communication Overview Locus is an augmented reality app

Locus Innovative Augmented Reality Communication Overview Locus is an augmented reality app that allows its users to write text in real world locations It superimposes your stylized text messages onto the real world in which: Anybody

649 views • 6 slides
Portfolio of Work (9 pages) T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED

Portfolio of Work (9 pages) T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED

T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED REALITY (AR) What is Augmented Reality Augmented Leads in Technology Visual Methodology Augmented Reality Forecast Multi-sided Marketing Model

280 views • 25 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda 02/23/2016 Android 2015 Q3 Market Share Android iOS

774 views • 26 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that Martin Steffen IfI UiO Spring 2014 Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on progress/interest

2.15k views • 194 slides
CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu February 1, 2017 Static Analysis Static Analysis is the process of documenting your observations about what identifying characteristics a

575 views • 8 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all

Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all

Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on

938 views • 69 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides
Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile

Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile

Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile philip@tecnocode.co.uk July 30, 2017 MANCHESTER What is static analysis? Compile-time testing of all possible code paths. Whats Coverity static analysis

236 views • 12 slides
Outline t t Why static analysis? t t What is it? Underlying technology t Some

Outline t t Why static analysis? t t What is it? Underlying technology t Some

2005-05-04 Static Analysis methods and tools An industrial study t Pr Emanuelsson Ericsson AB and LiU Prof Ulf Nilsson LiU t itle Outline t t Why static analysis? t t What is it? Underlying technology t Some tools

438 views • 19 slides
Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 ,

Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 ,

Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 , Julian Dolby 3 1 Rensselaer Polytechnic Institute 2 Google 3 IBM Research 1 Taint Analysis for Android Tracks flow of private data Controlled at

629 views • 35 slides

More recommend