SaTC: CORE: Small: Automated Dynamic Analysis for Smart Device Malware Hiding Mechanisms

SaTC：核心：小型：智能设备恶意软件隐藏机制的自动动态分析

• 批准号: 2154483
• 负责人: Zhiyong Shan
• 金额: $ 18.93万
• 依托单位: Wichita State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-06-01 至 2025-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2154483&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Automated; Dynamic

Smart devices range from smartphone to smart watch and tablets. While smart devices bring new functions and possibilities to users, they also open a “Pandora’s Box” of potential problems, from eavesdropping attacks to erasing data on a user’s storage device. There has been a significant increase in the number of malicious apps as our daily life increasingly relies on mobile applications. The project's novelties are to develop automated techniques to comprehensively uncover distinguishing behaviors of malicious apps. The project's broader significance and importance are to help billions of users of smart devices to recognize malicious apps and thereby prevent them from becoming victims of cyber-attacks. Moreover, the project generates an empirical experimental platform for the research community and includes educational activities involving high school students.This project's technical efforts involve two steps. The first is developing a multimedia-based automated testbot, which exploits multimedia (e.g., vision, audio, vibration) recognition algorithms to mimic the user to automatically test applications and find self-hiding behaviors on smart devices. With analysis results from the testbot, the second step creates natural language processing and static program analysis algorithms to find code snippets of unknown self-hiding behaviors of smart device malware and generates technique descriptions based on these code snippets, which in turn benefits the research and industry communities.This project is jointly funded by the Secure & Trustworthy Cyberspace program (SaTC) and the Established Program to Stimulate Competitive Research (EPSCoR).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

智能设备从智能手机到智能手表和平板电脑。在智能设备为用户带来新功能和可能性的同时，它们也打开了潜在问题的“潘多拉盒子”，从窃听攻击到擦除用户存储设备上的数据。随着我们的日常生活越来越依赖于移动的应用程序，恶意应用程序的数量显著增加。该项目的新颖之处在于开发自动化技术，以全面揭示恶意应用程序的不同行为。该项目更广泛的意义和重要性在于帮助数十亿智能设备用户识别恶意应用程序，从而防止他们成为网络攻击的受害者。此外，该项目还为研究界提供了一个经验性的实验平台，并包括涉及高中生的教育活动。第一个是开发一个基于多媒体的自动测试机器人，它利用多媒体（例如，视觉、音频、振动）识别算法，模仿用户自动测试应用程序并发现智能设备上的自我隐藏行为。利用测试机器人的分析结果，第二步创建自然语言处理和静态程序分析算法，以发现智能设备恶意软件未知的自我隐藏行为的代码片段，并基于这些代码片段生成技术描述，从而使研究和行业社区受益。&该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

An Approach to Reveal Unknown Malware Hiding Techniques

揭示未知恶意软件隐藏技术的方法

• DOI: 10.1109/bcd57833.2023.10466287
• 发表时间: 2023
• 期刊: Networking and Parallel/Distributed Computing
• 作者: Shan, Zhiyong;Channu, Harsha Vardhan
• 通讯作者: Channu, Harsha Vardhan

AR-Extractor: Automatically Extracting Constraints from Android Documentation using NLP Techniques

AR-Extractor：使用 NLP 技术自动从 Android 文档中提取约束

• 发表时间: 2022
• 期刊: The 20th International Conference on Software Engineering Research & Practice (SERP'22
• 作者: Preethi Santhanam, Padmapriya Sakthivel