DOI: 10.1145/3671016.3671404
short-paper

LIReDroid: LLM-Enhanced Test Case Generation for Static Sensitive Behavior Replication

Published: 24 July 2024

Abstract

Malicious Android applications often employ covert behaviors to exfiltrate sensitive data, thereby compromising user privacy. Traditional detection techniques predominantly rely on static analysis of the source code to detect such sensitive behaviors, yet they frequently suffer from elevated false positive rates. Dynamic analysis methods offer greater precision, but they contend with limited coverage. This paper introduces LIReDroid, a hybrid testing approach that aims to replicate sensitive behaviors identified in static analysis call chains. LIReDroid first analyzes the application’s static invocation chain. It then devises a prompt word model for the generation of test instructions and injection script code. Finally, sensitive API call chains are dynamically invoked through code injection, with their activation being meticulously recorded. We present preliminary experimental results to substantiate the efficacy of LIReDroid. Given these results, we outline future research directions for LIReDroid.



      Published In

      Internetware '24: Proceedings of the 15th Asia-Pacific Symposium on Internetware
      July 2024
      518 pages
      ISBN:9798400707056
      DOI:10.1145/3671016
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Android Application Security
      2. Large Language Model
      3. Sensitive Behavior Reproduction
      4. Test Case Generation

      Qualifiers

      • Short-paper
      • Research
      • Refereed limited

      Conference

      Internetware 2024
      Acceptance Rates

      Overall Acceptance Rate 55 of 111 submissions, 50%
