2013 International Conference on Availability, Reliability and Security (2013)
Regensburg, Germany Germany
Sept. 2, 2013 to Sept. 6, 2013
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2013.79
We propose PICARD (ProbabIlistic Contract on Android), a framework to generate probabilistic contracts to detect repackaged applications for Android smart phones. A contract describes the sequences of actions that an application is allowed to perform at run-time, i.e. its legal behavior. In PICARD, contracts are generated from the set of traces that represent the usage profile of the application. Both the contract and the application's run-time behavior are represented through clustered probabilistic automata. At run-time, the PICARD monitoring system verifies the compliance of the application trace with the contract. This approach is useful in detecting repackaged applications, whose behavior is strongly similar to the original application but it differs only from small paths in the traces. In this paper, we discuss the framework of PICARD for describing and generating contracts through probabilistic automata and introduce the notion of Action Node, a cluster of related system calls, used to represent high level operations. Then, we present a first set of preliminary experiments on repackaged applications, to evaluate the viability of the proposed approach.
Repackaging, Probabilistic contract, Android, Malware
G. Dini, F. Martinelli, A. Saracino and D. Sgandurra, "Probabilistic Contract Compliance for Mobile Applications," 2013 International Conference on Availability, Reliability and Security(ARES), Regensburg, Germany Germany, 2013, pp. 599-606.