ICISS 2015 – FlowMiner: Automatic Summarization of Library Data-Flow for Malware Analysis


FlowMiner is a tool for automatically mining expressive, fine-grained data-flow summaries from Java library bytecode. FlowMiner captures enough information to enable context-, type-, field-, object- and flow-sensitive partial program analysis of applications that use the library. FlowMiner's summaries are compact: flow details of a library that are non-critical for later partial program analysis of applications are elided into simple edges between the elements that are accuracy-critical. Hence, summaries extracted by FlowMiner are an order of magnitude smaller than the original library. We present (i) novel algorithms to extract expressive, fine-grained, compact summary data-flows from a Java library, (ii) a graph summarization paradigm that uses a multi-attributed directed graph as the mathematical abstraction to represent summaries, (iii) an open-source implementation (the FlowMiner tool) of the above that saves summaries in a portable format usable by existing analysis tools, and (iv) experiments with recent versions of Android showing that FlowMiner significantly advances the state-of-the-art tooling in accuracy.
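As an added illustration of the summarization idea described above (this is example code written for this page, not FlowMiner's own implementation; the node kinds, the sample library method and all names are constructed), the following Python sketch builds a small fine-grained flow graph for a hypothetical library method, elides the nodes that are not accuracy-critical into direct summary edges between parameters, call sites, fields and the return value, and then shows how an application-side analysis would query the summary instead of the full library graph:

```python
from collections import deque

# Node kinds treated as accuracy-critical: the only nodes a later analysis
# of an application needs in order to connect its own flows to the library's.
# Everything else (locals, temporaries) is elided.
# (Constructed for this example; FlowMiner's actual node taxonomy may differ.)
CRITICAL_KINDS = {"param", "return", "field", "callsite"}

# Constructed sample: a fine-grained data-flow graph for a hypothetical
# library method  String concat(String a, String b)  that appends both
# arguments to a StringBuilder, logs the result, stores it in a static
# field LAST and returns it. Node attributes model a multi-attributed graph.
SAMPLE_NODES = {
    "p_a":    {"kind": "param",    "index": 0},
    "p_b":    {"kind": "param",    "index": 1},
    "sb":     {"kind": "local",    "type": "StringBuilder"},
    "r":      {"kind": "local",    "type": "String"},
    "cs_log": {"kind": "callsite", "target": "log(String)"},
    "f_LAST": {"kind": "field",    "name": "LAST"},
    "ret":    {"kind": "return"},
}
SAMPLE_EDGES = [
    ("p_a", "sb"), ("p_b", "sb"),   # sb.append(a); sb.append(b)
    ("sb", "r"),                    # r = sb.toString()
    ("r", "cs_log"),                # log(r)
    ("r", "f_LAST"),                # LAST = r
    ("r", "ret"),                   # return r
]


def summarize(nodes, edges):
    """Collapse a fine-grained flow graph to its accuracy-critical nodes.

    A summary edge (u, v) is emitted whenever the original graph has a path
    from critical node u to critical node v whose interior nodes are all
    non-critical. Returns (kept_nodes, sorted summary edges).
    """
    succ = {n: [] for n in nodes}
    for src, dst in edges:
        succ[src].append(dst)
    kept = {n: attrs for n, attrs in nodes.items() if attrs["kind"] in CRITICAL_KINDS}
    summary = set()
    for start in kept:
        seen = {start}
        queue = deque(succ[start])
        while queue:
            cur = queue.popleft()
            if cur in seen:
                continue
            seen.add(cur)
            if cur in kept:
                # Reached another critical node: record the flow and stop here;
                # flows continuing from cur are summarized from cur itself.
                summary.add((start, cur))
            else:
                queue.extend(succ[cur])
    return kept, sorted(summary)


def flows_to(summary_edges, src, dst):
    """Reachability over the summary, as an application analysis would use it."""
    succ = {}
    for u, v in summary_edges:
        succ.setdefault(u, []).append(v)
    seen, stack = set(), [src]
    while stack:
        cur = stack.pop()
        if cur == dst:
            return True
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(succ.get(cur, []))
    return False


if __name__ == "__main__":
    kept, edges = summarize(SAMPLE_NODES, SAMPLE_EDGES)
    print(f"{len(SAMPLE_NODES)} nodes / {len(SAMPLE_EDGES)} edges -> "
          f"{len(kept)} nodes / {len(edges)} edges")
    for u, v in edges:
        print(f"  {u} -> {v}")
    print("param a reaches field LAST:", flows_to(edges, "p_a", "f_LAST"))
```

On the constructed sample the two locals disappear and the summary keeps five nodes with six direct edges, each recording that a parameter flows to the log call site, to the static field and to the return value; an application-side taint query then only walks those edges. Real library methods have far more interior nodes per critical node than this toy, which is where the order-of-magnitude reduction the abstract mentions comes from.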

Venue: 11th International Conference on Information Systems Security (ICISS 2015), Jadavpur University, Kolkata, India, December 16-20, 2015

Authors: Tom Deering, Ganesh Ram Santhanam, Suresh Kothari

Paper (PDF): FlowMiner-ICISS2015.pdf

Slides (PDF): FlowMiner-ICISS2015-slides.pdf

Tool: http://powerofpi.github.io/FlowMiner/

Source Code: https://github.com/powerofpi/FlowMiner


BibTeX:
@inproceedings{Deering2015FlowMiner,
  title={FlowMiner: Automatic Summarization of Library Data-Flow for Malware Analysis},
  author={Tom Deering and Ganesh Ram Santhanam and Suresh Kothari},
  booktitle={Proceedings of the International Conference on Information Systems Security},
  series={Lecture Notes in Computer Science},
  editor={Jajodia, Sushil and Mazumdar, Chandan},
  publisher={Springer International Publishing},
  year={2015},
}
