Android Security Research

We conduct research on applying static analysis to the Dalvik bytecode of both Android applications and libraries, with the aim of identifying potentially malicious behaviors or program vulnerabilities. Our goal is twofold: 1) the analysis needs to be generic and flexible enough to be customized to address new security problems; 2) the analysis needs to capture inter-component communication and the associated control and data flows. Both goals are important for producing practical Android app vetting tools that app market operators or companies can use to prevent potentially dangerous apps from getting onto users' devices.

Faculty:

Collaborator:
  • Marc Eisenbarth (Arbor Networks)
Students:

Papers and Presentations:
  • Android malware clustering through malicious payload mining. Yuping Li, Jiyong Jang, Xin Hu, and Xinming Ou. In 20th International Symposium on Research on Attacks, Intrusions and Defenses (RAID 2017), Atlanta, GA, September 18-20, 2017.
  • Deep Ground Truth Analysis of Current Android Malware. Fengguo Wei, Yuping Li, Sankardas Roy, Xinming Ou, and Wu Zhou. In 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2017), Bonn, Germany, July 2017.
  • Experimental Study with Real-world Data for Android App Security Analysis using Machine Learning. Sankardas Roy, Jordan DeLoach, Yuping Li, Nic Herndon, Doina Caragea, Xinming Ou, Venkatesh Prasad Ranganath, Hongmin Li, and Nicolais Guevara. In Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, USA, 2015.
  • Amandroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps. Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. In 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, AZ, USA, Nov, 2014.

Software Release: Argus-SAF (previously known as Amandroid)

Dataset Release: AMD

Acknowledgment:
This research is supported by the National Science Foundation under Grant Nos. 0644288, 0954138 and 1018703, and the U.S. Air Force Office of Scientific Research under award no. FA9550-09-1-0138. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.