Quantitative analysis for privacy leak software with privacy Petri net

Authors:
Lejun Fan;Yuanzhuo Wang;Xueqi Cheng;Shuyuan Jin
Affiliations:
Institute of Computing Technology, Beijing, China;Institute of Computing Technology, Beijing, China;Institute of Computing Technology, Beijing, China;Institute of Computing Technology, Beijing, China
Venue:
Proceedings of the ACM SIGKDD Workshop on Intelligence and Security Informatics
Year:
2012

Citing 15
Cited 0

Detecting Kernel-Level Rootkits Through Binary Analysis

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Semantics-Aware Malware Detection

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Exploring Multiple Execution Paths for Malware Analysis

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Dynamic spyware analysis

ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
A Layered Architecture for Detecting Malicious Behaviors

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Privacy oracle: a system for finding application leaks with black box differential testing

Proceedings of the 15th ACM conference on Computer and communications security
Quantifying Information Leaks in Outbound Web Traffic

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Identifying Dormant Functionality in Malware Programs

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Modeling and survivability analysis of service composition using Stochastic Petri Nets

The Journal of Supercomputing
Detecting self-mutating malware using control-flow graph matching

DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Modeling and Analysis of Email Worm Propagation Based on Stochastic Game Nets

PDCAT '11 Proceedings of the 2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies
Detecting malicious code by model checking

DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Stochastic game net and applications in security analysis for enterprise network

International Journal of Information Security
Analyzing application private information leaks with privacy Petri Net

ISCC '12 Proceedings of the 2012 IEEE Symposium on Computers and Communications (ISCC)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Nowadays, lots of private information are collected and spread without proper protection. privacy leak behavior has been widely discovered in many malwares and suspicious applications. We refer to such software as privacy leak software (PLS). In this paper we present an abstract model called Privacy Petri Net (PPN) for privacy leaks analysis. We build PPN modules of different privacy leak behavior sub procedure and give four indicators: possibility, severity, crypticity and manipulability for quantitative analysis. We apply our approach on real-world PLS and the case study shows that we can not only identifies the tested software as PLS, just like which is reported by AVS as malicious, but also calculate the severity, crypticity and manipulability of it. We can also evaluate the suspicious behavior in the applications which the AVSs simply treat as benign.