How do we know a program does what it claims to do? In this talk I will present our techniques to detect suspicious behavior in Android apps or similar ecosystems. We first cluster apps according to their advertised behavior, which we extract either by analyzing the natural language description on the Google Play or by analyzing the graphical user interface. We later identify outliers in each cluster with respect to their usage of sensitive Android APIs. A “weather” app that sends messages thus becomes an anomaly; likewise, a button labelled “Cancel” in an app would typically not be expected to retrieve the current location. Applied on a large set of Android apps, our techniques identify several anomalies, most of them highlighting malicious behavior.
Alessandra Gorla received her Bachelor’s and Master’s degrees in computer science from the University of Milano-Bicocca in Italy. She completed her Ph.D. in informatics at the Universita’ della Svizzera Italiana in Lugano (USI), Switzerland in 2011. In her Ph.D. thesis she defined and developed the notion of Automatic Workarounds, a self-healing technique to recover Web applications from field failures, a work for which she received the Fritz Kutter Award for the best industry related Ph.D. thesis in computer science in Switzerland. Before joining IMDEA Software Institute in December 2014 as assistant research professor, she has been a postdoctoral researcher in the software engineering group at Saarland University in Germany.