Conferences

• IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2021); papers due April 26, 2021
• New Security Paradigms Workshop (NSPW 2021); papers due May 21, 2021

---

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

---

Other Links

• Cybersecurity Club
• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

---

Me

• This Quarter’s Classes
• Office Hours for This Quarter
• Contacting Me
• My Personal Blog
  (Last Entry September 4, 2020; “Don’t Vote Twice”)

---

Current Time in Davis, CA, USA

LeakSemantic: Identifying Abnormal Sensitive Network Transmissions in Mobile Applications

Citation

H. Fu, Z. Zheng,S. Bose, M. Bishop, and P. Mohapatra, “LeakSemantic: Identifying Abnormal Sensitive Network Transmissions in Mobile Applications,” Proceedings of the IEEE International Conference on Computer Communications (INFOCOM 2017), to appear (May 2017).

Paper

• Published version: not yet available
• Authors’ final version:
  • Local: [PDF] [PS]
  • UC Repository: [eScholarship]

Abstract

Mobile applications (apps) often transmit sensitive data through network with various intentions. Some transmissions are needed to fulfill the app’s functionalities. However, transmissions with malicious receivers may lead to privacy leakage and tend to behave stealthily to evade detection. The problem is twofold: how does one unveil sensitive transmissions in mobile apps, and given a sensitive transmission, how does one determine if it is legitimate?

In this paper, we propose LeakSemantic, a framework that can automatically locate abnormal sensitive network transmissions from mobile apps. LeakSemantic consists of a hybrid program analysis component and a machine learning component. Our program analysis component combines static analysis and dynamic analysis to precisely identify sensitive transmissions. Compared to existing taint analysis approaches, LeakSemantic achieves better accuracy with fewer false positives and is able to collect runtime data such as network traffic for each transmission. Based on features derived from the runtime data, machine learning classifiers are built to further differentiate between the legal and illegal disclosures. Experiments show that LeakSemantic achieves 91% accuracy on 2279 sensitive connections from 1404 apps.

---

Last updated on Thursday, April 15, 2021 11:20:49 PM PDT