Le-Jun Fan, Yuan-Zhuo Wang, Jing-Yuan Li, Xue-Qi Cheng, Chuang Lin. Privacy Petri Net and Privacy Leak Software[J]. Journal of Computer Science and Technology, 2015, 30(6): 1318-1343. DOI: 10.1007/s11390-015-1601-7

Privacy Petri Net and Privacy Leak Software

Funds: This work is supported by the National Natural Science Foundation of China under Grant Nos. 61402124, 61402022, 61173008, 60933005, and 61572469, the National Key Technology Research and Development Program of China under Grant No. 2012BAH39B02, the 242 Projects of China under Grant No. 2011F45, and Beijing Nova Program under Grant No. Z121101002512063.
  • Author Bio:

    Le-Jun Fan received his B.S. and M.S. degrees in circuit and system from the University of Science and Technology of China, Hefei, in 2004 and 2007 respectively. He received his Ph.D. degree in information security in 2013 from the Research Center of Web Data Science & Engineering of the Institute of Computing Technology, Chinese Academy of Sciences, Beijing. His research interests include software malicious behavior analysis, data privacy and Petri nets. He is a member of IEEE. He is now working at National Computer Network Emergency Response Technical Team/Coordination Center of China.

  • Corresponding author:

    Yuan-Zhuo Wang E-mail: wangyuanzhuo@ict.ac.cn

  • Received Date: March 26, 2014
  • Revised Date: June 01, 2015
  • Published Date: November 04, 2015
  • Abstract:

    Private information leak behavior has been widely discovered in malware and suspicious applications. We refer to such software as privacy leak software (PLS). Nowadays, PLS has become a serious and challenging problem for cyber security. Previous methodologies fall into two categories: one focuses on the outbound network traffic of the applications; the other dives into the internal information flow of the applications. We present an abstract model called Privacy Petri Net (PPN), which is more applicable to various applications and more intuitive and vivid to users. We apply our approach to both malware and suspicious applications in the real world. The experimental results show that our approach can effectively find the categories, content, procedure, destination and severity of the private information leaks for the target software.