Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps

Marco Pistoia, Omer Tripp, David Lubensky
Copyright: © 2017 | Pages: 27
ISBN13: 9781522509455 | ISBN10: 1522509453 | EISBN13: 9781522509462
DOI: 10.4018/978-1-5225-0945-5.ch004

Cite Chapter

MLA

Pistoia, Marco, et al. "Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps." Mobile Application Development, Usability, and Security, edited by Sougata Mukherjea, IGI Global, 2017, pp. 68-94. https://doi.org/10.4018/978-1-5225-0945-5.ch004

APA

Pistoia, M., Tripp, O., & Lubensky, D. (2017). Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps. In S. Mukherjea (Ed.), Mobile Application Development, Usability, and Security (pp. 68-94). IGI Global. https://doi.org/10.4018/978-1-5225-0945-5.ch004

Chicago

Pistoia, Marco, Omer Tripp, and David Lubensky. "Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps." In Mobile Application Development, Usability, and Security, edited by Sougata Mukherjea, 68-94. Hershey, PA: IGI Global, 2017. https://doi.org/10.4018/978-1-5225-0945-5.ch004

Abstract

Mobile devices have revolutionized many aspects of our lives. Without realizing it, we often run programs on them that access private information and transmit it over the network. Integrity concerns arise when mobile applications use untrusted data as input to security-sensitive computations. Program-analysis tools for integrity and confidentiality enforcement have become a necessity. Static-analysis tools are particularly attractive because they do not require installing and executing the program, and they have the potential of never missing any vulnerability. Nevertheless, such tools often have high false-positive rates. In order to reduce the number of false positives, static analysis has to be very precise, but this conflicts with the analysis' performance and scalability, since precision requires a more refined model of the application. This chapter proposes Phoenix, a novel solution that combines static analysis with machine learning to identify programs exhibiting suspicious operations. This approach has been widely applied to mobile applications, obtaining impressive results.
