Speaker: Andreas Zeller
Host: Tom Zimmermann
Affiliation: Saarland University
Date recorded: 11 November 2013
How do we know a program does what it claims to do? After clustering mined Android apps by their description topics, we identify outliers in each cluster with respect to their API usage. A “weather” app that sends messages thus becomes an anomaly; likewise, a “messaging” app would not be expected to access the current location. Applied to a set of 22,000+ Android applications, our approach identified several anomalies and classified known malware accurately, with high precision and recall. With the help of upcoming test generators, we will identify anomalies in terms of dynamic API usage and information flow.
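The two steps in the abstract (group apps by description topic, then flag API usage that is unusual within a group) can be sketched as follows. This is an added example, not the speaker's implementation: the keyword-overlap topic assignment, the peer-share threshold, and all app names, descriptions and API labels are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed topic vocabularies: a simple stand-in for description-topic clustering.
TOPICS = {
    "weather": {"weather", "forecast", "temperature", "rain"},
    "messaging": {"message", "chat", "sms", "text"},
}

# Constructed sample: (app name, store description, labels for sensitive API groups used).
APPS = [
    ("SunnyDay", "Local weather forecast and rain radar", {"INTERNET", "LOCATION"}),
    ("RainWatch", "Hourly rain and temperature forecast", {"INTERNET", "LOCATION"}),
    ("TempNow", "Current temperature and weather alerts", {"INTERNET", "LOCATION"}),
    ("WeatherPlus", "Weather forecast widget", {"INTERNET", "LOCATION", "SEND_SMS"}),
    ("ChatBox", "Chat and text your friends", {"INTERNET", "SEND_SMS", "CONTACTS"}),
    ("QuickSMS", "Fast sms and text message app", {"INTERNET", "SEND_SMS", "CONTACTS"}),
    ("MsgLite", "Lightweight message and chat client", {"INTERNET", "SEND_SMS", "CONTACTS"}),
    ("TalkNear", "Chat and message people", {"INTERNET", "SEND_SMS", "CONTACTS", "LOCATION"}),
]

def topic_of(description):
    """Assign the topic whose vocabulary overlaps the description the most."""
    words = set(description.lower().split())
    return max(TOPICS, key=lambda t: len(TOPICS[t] & words))

def find_anomalies(apps, max_peer_share=0.25):
    """Return {app: sorted APIs that few peers in the same topic cluster use}."""
    clusters = defaultdict(list)
    for name, description, apis in apps:
        clusters[topic_of(description)].append((name, apis))
    anomalies = {}
    for members in clusters.values():
        peers = len(members) - 1
        if peers < 1:
            continue  # a single-app cluster has no baseline to compare against
        usage = Counter(api for _, apis in members for api in apis)
        for name, apis in members:
            # Share of the *other* apps in the cluster that also use each API.
            rare = sorted(a for a in apis if (usage[a] - 1) / peers <= max_peer_share)
            if rare:
                anomalies[name] = rare
    return anomalies

if __name__ == "__main__":
    for app, apis in find_anomalies(APPS).items():
        print(f"{app}: unusual for its cluster -> {', '.join(apis)}")
```

An API that is common across the whole data set can still be flagged here, because rarity is measured only against apps sharing the same description topic.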
©2013 Microsoft Corporation. All rights reserved.