Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Profiler: Towards Automatic Fingerprinting of Android Apps

Published byEaster Barrett Modified over 6 years ago

Similar presentations

Presentation on theme: "Network Profiler: Towards Automatic Fingerprinting of Android Apps"— Presentation transcript:

1 Network Profiler: Towards Automatic Fingerprinting of Android Apps
Shuaifu Dai Alok Tongaonkar Xiaoyin Wang Antonio Nucci Dawn Song 4/21/2015 Deepthi Gangala

2 Outline Introduction Objective System Design Evaluation Limitations
Conclusion 4/21/2015 Deepthi Gangala

3 Introduction 488 million smartphones have been sold in year 2011, compared to 415 personal computers. 87% of the 90k android apps in the android Market requires permission for Internet access. 4/21/2015 Deepthi Gangala

4 NetworkProfiler Is a system to efficiently generate network profiles for Android apps. This is an automatic technique for extracting apps fingerprints form the network traces obtained by running these apps in an emulator in an automated fashion. 4/21/2015 Deepthi Gangala

5 Objective Objective is to extract fingerprints i.e., patterns of string within the network traces that are unique to the app and can be used to distinguish the app from other apps. The network behavior of an app different in terms of the HTTP methods, hosts connected, URL paths or queries, and so on. To illustrate this network behavior lets take an Zedge a popular android app. 4/21/2015 Deepthi Gangala

6 Zegde app 4/21/2015 Deepthi Gangala

7 4/21/2015 Deepthi Gangala

8 The invariant parts which are unique are used to identify the app.
Key Idea behind fingerprint extraction algorithm is to identify the invariant parts of the flows belonging to an app. The invariant parts which are unique are used to identify the app. 4/21/2015 Deepthi Gangala

9 4/21/2015 Deepthi Gangala

10 System Design Network Profiler is an automatic network profile generator for android apps. It has two main components Fingerprint Extractor Droid Driver 4/21/2015 Deepthi Gangala

11 Fingerprint Extractor
Fingerprint Extractor first tokenizes the HTTP flows via a parses and sends the tokenized flows to the clusterer. Tokenize or breakup the request into various components as shown in figure5 Break the request into method(m), page(P), query(q). Page can be broken into a number of page-components(pcs), filename(fn). Query can be split into key-value pairs(k-v) Initially all flows based in just method type i.e., all requests having same methods are grouped together. The clusterer then performs an agglomerative clustering of HTTP request within each group. 4/21/2015 Deepthi Gangala

12 4/21/2015 Deepthi Gangala

13 4/21/2015 Deepthi Gangala

14 Measure of Distance between two HTTP requests:
Distance between pages dp(i,j): Compute jacard index between page components of the page as a measure of similarity. Distance between queries dq(i,j): Compute jacard index between keys in the as a measure of similarity. Distance between two requests i,j as dh(i,j) =(dp(i,j)+dq(i,j))/2 4/21/2015 Deepthi Gangala

15 4/21/2015 Deepthi Gangala

16 Droid Driver Droid Driver is the component responsible for executing Android apps and collecting network traces. It has 3 main components: Random Tester Directed Tester 4/21/2015 Deepthi Gangala

17 Directed Tester system as an extension to the android testing framework ,allows users to communicate has 3 modules: Path Recorded Heuristic Path Generator Path Replayer 4/21/2015 Deepthi Gangala

18 Path Recorder It records the user events for apps running un and emulator. This is build by modifying Android tool monkeymaker and hierarchy viewer which provides information about the coordinates on the screen where and event occurred and coordinates of different viewer. 4/21/2015 Deepthi Gangala

19 Heuristic Path Generator
It is responsible for generating the unexplored paths to be executed by the app. It is based on UI fuzzing technique. The intuition behind this is to generate network paths for parallel views that have same action of another action like button clicking etc. 4/21/2015 Deepthi Gangala

20 4/21/2015 Deepthi Gangala

21 Path Replayer It is a dynamic path driven engine which forces the app to execute a given path and then capture the network trace of the app. It consists of four components : View Identification Module Identifies the views like button positions in the current activity Event Emulation Module Takes paths as input and performs actions one by one. It supports user behaviors like clicking/swiping on the screen. 4/21/2015 Deepthi Gangala

22 System APL Logging Module
Used to identify which network traffic is originating form the app under observations. Network Traffic Capture Module captures network traffic using tcpdump. 4/21/2015 Deepthi Gangala

23 Evaluation Ad traffic Non-Ad Traffic 4/21/2015 Deepthi Gangala

24 Ad Traffic Evaluated the fingerprint extraction algorithm for ad libraries. 4/21/2015 Deepthi Gangala

25 4/21/2015 Deepthi Gangala

26 Non-Ad traffic We Consider 6 popular, Flixster, ESPN, Score Center, CNET News, Pandora and Zedge to evaluate the non-ad traffic fingerprints. Manually generated a seed action path for each app and the installation package of the app to the NetworkProfiler system. 4/21/2015 Deepthi Gangala

27 4/21/2015 Deepthi Gangala

28 Limitations Can not distinguish apps which use the same service and have no distinct network behavior. Need a user seed path when login is involved Time required to download and run apps for the emulator. 4/21/2015 Deepthi Gangala

29 Conclusion And Future Work
Proposed novel system called Network Profiler for the automated generation of network profiles for android apps. In future, build a comprehensive network profile library for the apps present in the android market. Combine state analysis with dynamic analysis to improve coverage execution 4/21/2015 Deepthi Gangala

30 4/21/2015 Deepthi Gangala

Download ppt "Network Profiler: Towards Automatic Fingerprinting of Android Apps"

Similar presentations

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
Dynodroid: Dynamic Analysis of Smartphone Apps

Dynodroid: Dynamic Analysis of Smartphone Apps
Networking Problems in Cloud Computing Projects. 2 Kickass: Implementation PROJECT 1.

Networking Problems in Cloud Computing Projects. 2 Kickass: Implementation PROJECT 1.
AUTOMATED DISCOVERY OF PARAMETER POLLUTION VULNERABILITIES IN WEB APPLICATIONS Marco Balduzzi, Carmen Torrano Gimenez, Davide Balzarotti, and Engin Kirda,

AUTOMATED DISCOVERY OF PARAMETER POLLUTION VULNERABILITIES IN WEB APPLICATIONS Marco Balduzzi, Carmen Torrano Gimenez, Davide Balzarotti, and Engin Kirda,
DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.

DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.
Context-aware Query Suggestion by Mining Click-through and Session Data Authors: H. Cao et.al KDD 08 Presented by Shize Su 1.

Context-aware Query Suggestion by Mining Click-through and Session Data Authors: H. Cao et.al KDD 08 Presented by Shize Su 1.
App Inventor Barb Ericson July 3, 2013.

App Inventor Barb Ericson July 3, 2013.
Fuzzing Dan Fleck CS 469: Security Engineering Sources:

Fuzzing Dan Fleck CS 469: Security Engineering Sources:
Software Testing and Quality Assurance

Software Testing and Quality Assurance
1 Software Testing and Quality Assurance Lecture 30 - Introduction to Software Testing.

1 Software Testing and Quality Assurance Lecture 30 - Introduction to Software Testing.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
FALL 2012 DSCI5240 Graduate Presentation By Xxxxxxx.

FALL 2012 DSCI5240 Graduate Presentation By Xxxxxxx.
PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.

PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.
Dynodroid: An Input Generation System for Android Apps

Dynodroid: An Input Generation System for Android Apps
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 9/19/2015Slide 1 (of 32)

Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 9/19/2015Slide 1 (of 32)
Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.

Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.
When Experts Agree: Using Non-Affiliated Experts To Rank Popular Topics Meital Aizen.

When Experts Agree: Using Non-Affiliated Experts To Rank Popular Topics Meital Aizen.
1 Characterizing Botnet from Email Spam Records Presenter: Yi-Ren Yeh ( 葉倚任 ) Authors: L. Zhuang, J. Dunagan, D. R. Simon, H. J. Wang, I. Osipkov, G. Hulten,

1 Characterizing Botnet from Spam Records Presenter: Yi-Ren Yeh ( 葉倚任 ) Authors: L. Zhuang, J. Dunagan, D. R. Simon, H. J. Wang, I. Osipkov, G. Hulten,
南台科技大學 資訊工程系 A web page usage prediction scheme using sequence indexing and clustering techniques Adviser: Yu-Chiang Li Speaker: Gung-Shian Lin Date:2010/10/15.

南台科技大學 資訊工程系 A web page usage prediction scheme using sequence indexing and clustering techniques Adviser: Yu-Chiang Li Speaker: Gung-Shian Lin Date:2010/10/15.

Similar presentations

Ads by Google