About CHABADA


How do we know a program does what it claims to do? After clustering Android apps by their description topics, we identify outliers in each cluster with respect to their API usage. A "weather" app that sends messages thus becomes an anomaly; likewise, a "messaging" app would typically not be expected to access the current location. Applied on a set of 22,500+ Android applications, our CHABADA prototype identified several anomalies; additionally, it flagged 56% of novel malware as such, without requiring any known malware patterns.

Videos

  • Watch the video of the CHABADA work presented at Microsoft Research.
  • CHABADA on ARD! Watch the video here (in german)
  • CHABADA on SR! Watch the video here (in german)

Slides

Downloads

@inproceedings{GorlaetAl:CHABADA:ICSE:2014,
author = {Alessandra Gorla and Ilaria Tavecchia and Florian Gross and Andreas Zeller},
title = {Checking App Behavior Against App Descriptions},
booktitle = {ICSE'14: Proceedings of the 36th International Conference on Software Engineering},
location = {Hyderabad (India), 31 May - 7 June},
year = {2014},
}