Shaoyin Cheng

DroidFuzzer: Fuzzing the Android Apps with Intent-Filter Tag

The Android system is getting more and more popular on the mobile devices. Thus, lots of apps have sprung up to facilitate peoples daily life. However, many of the apps are released without sufficient testing work, so the users encounter a sudden app crash now and then. This will undoubtedly impact the users experience and even lead to economic loss. Because current testing tools on Android apps mainly focus on the motion event on the screen, like click event, bugs concerned with data handling module in an app is neglected. In this paper, we propose an automated testing method to fuzz testing the Android apps. The test targets are the Activities which accept outside MIME data. These Activities are picked out by analyzing the Intent-filter tag in the AndroidManifest.xml file. An automated fuzzing tool, DroidFuzzer, is implemented based on the method. Finally, experiments are conducted to prove the effectiveness of it.

An efficient SVM-based method for multi-class network traffic classification

Multi-class network traffic classification is a fundamental function for network services and management. Support vector machine (SVM) based network traffic classification has recently attracted increasing interest, for its high accuracy and low training sample size requirement. However, to better fit applications with delay requirements, it is desirable to reduce the high computation cost of existing SVM-based traffic classifiers. In this paper, we propose a novel scheme for SVM-based traffic classification (called fuzzy tournament). Experiment results based on real network traffic traces show that our proposed scheme can reduce computation cost by as much as 7.65 times; in the mean time, misclassification ratio is consistently reduced by up to 2.35 times as well.

Novel user influence measurement based on user interaction in microblog

With the development of science and technology, various social networks have emerged in recent years and microblog is a prevailing one. This paper focuses on how to identify the most influential users quantitatively in microblog and proposes a new ranking method which employs the fact that a followers contribution to the influences of his/her followees varies and depends greatly on the interactions between them. We consider bidirectional interactions from perspectives of followees and followers, and measure the interactive degree by four factors comprised of retweeting strength, commenting intensity, mentioning density and a special indicator to the potential interactions called keyword similarity. The experimental results show that our method based on user interaction is better in calculating the user influence.

LoongChecker: Practical Summary-Based Semi-simulation to Detect Vulnerability in Binary Code

The automatic detection of security vulnerabilities in binary code is challenging and lacks efficient tools. This paper presents a novel semi-simulation approach to statically detect potential vulnerabilities in binary code. The semi-simulation approach simulates address related instructions accurately using value set analysis, and only traces data dependence on other instructions using data dependence analysis. We have implemented this approach on a tool called LoongChecker, and evaluate it on three real world programs, and detect three known vulnerabilities and two zero-day vulnerabilities. The results show our approach is practical and can be applied to large real world software.

Static Detection of Dangerous Behaviors in Android Apps

This paper presents a scheme to detect dangerous behaviors in Android apps. In order to identify different kinds of dangerous behaviors, we designed two analysis engines. On the one hand, taint analysis engine mainly detects privacy leak by tracking how user’s sensitive data is used by an app; On the other hand, constant analysis engine focuses on the constant information in an app to identify other dangerous behaviors such as SP services ordering, phone bill consuming, and so on. We have implemented these two engines in a system called ApkRiskAnalyzer which identifies the dangerous behaviors by simulating the running process of an Android app statically. Furthermore, we analyzed 1260 malicious apps and found out dangerous behaviors in 1246 (98.9%) apps. Then we downloaded 630 normal apps from Google Play and identified dangerous behaviors in 575(91.3%) apps. These results demonstrate the effectiveness of ApkRiskAnalyzer.

ADKAM: A-Diversity K-Anonymity Model via Microaggregation

A great challenge in privacy preservation is to trade off two important issues: data utility and privacy preservation, in publication of dataset which usually contains sensitive information. Anonymization is a well-represent approach to achieve this, and there exist several anonymity models. Most of those models mainly focuses on protecting privacy exerting identical protection for the whole table with pre-defined parameters. As a result, it could not meet the diverse requirements of protection degrees varied with different sensitive values.Motivated by this, this paper firstly introduces an a-diversity k-anonymity model (ADKAM) to satisfy the diversity deassociation for sensitive values, ant then designs a framework based on an improved microaggregation algorithm, as an alternative to generalization/ suppression to achieve anonymization. By using this framework, we improve the data utility and disclosure risk of privacy disclosure. We conduct several experiments to validate our schemes.

Find Referral Social Networks

With the generalizing of Electronic Medical Records lots of facilities such as hospitals, insurance companies and some other government sections, accumulate large amounts of electronic data. Generally, data analysis technologies used in health insurance claims data are statistical and data mining. To get some new information from the data, the social network analysis (SNA) is proposed as a new way to explore the patientstransferring data held by Medical Insurance Bureau. In this paper, we first describe the condition of the basic medical insurance for urban and rural residents in China, then we demonstrate that the method of SNA used in the health insurance claims data can better understand the corporation among hospitals relating to patients-transferring. Particularly, this paper applies social network analysis to mine the data in three aspects: (a) community detection of hospitals network using different models. (b) the relationship among networks characteristics and healthcare quality including Length of stay(Los) in hospital, medicare cost and treatment results. (c)some interesting rules about the patients-transferring correlated with the Los and Cost.

Software vulnerability analysis framework based on uniform intermediate representation

Building secure software nowadays is a dominant goal in software development. Consequently, analyzing software vulnerabilities in order to determine how they can be prevented is the pivot of computer security. This paper presents a static analysis framework based on uniform intermediate representation to detect software vulnerabilities, and we have implemented an analysis tool called Melon based on the Microsoft Phoenix. We evaluate the effectiveness of Melon through a number of testing, and the experimental results show that it can effectively validate and analyze software vulnerabilities.

Combined Symbolic and Concrete Execution of TTCN-3 for Automated Testing

Testing procedure can be described by the testing and test control notation-version 3(TTCN-3). The automatic execution of TTCN-3 test scripts is transformed to automatic testing of system under test (SUT). We propose a framework, which uses combined symbolic and concrete execution of TTCN-3 test scripts to automatically generate test inputs for most of the feasible paths. Meanwhile most of the test procedures are accomplished automatically, which can reduce testing cost and better testing effectiveness. Structured values and function calls are the common difficult problems in symbolic execution. We propose a lazy symbolization mechanism to decrease the amount of symbolic values when structured values are processed. And we also propose combined condition and assignment statements to describe functions. We apply our framework to some public fragments of TTCN-3 test scripts. The results are encouraging.

An Ensemble Model for Diabetes Diagnosis in Large-scale and Imbalanced Dataset

Diabetes is becoming a more and more serious health challenge worldwide with the yearly rising prevalence, especially in developing countries. The vast majority of diabetes are type 2 diabetes, which has been indicated that about 80% of type 2 diabetes complications can be prevented or delayed by timely detection. In this paper, we propose an ensemble model to precisely diagnose the diabetic on a large-scale and imbalance dataset. The dataset used in our work covers millions of people from one province in China from 2009 to 2015, which is highly skew. Results on the real-world dataset prove that our method is promising for diabetes diagnosis with a high sensitivity, F3 and G --- mean, i.e, 91.00%, 58.24%, 86.69%, respectively.