Secure Mobile and Autonomous Systems

Mining and Anomalies

Combining Machine Learning with Testing and Analysis.


Checking or proving that software does what it should do requires a precise specification of the expected behavior. If a computer is set to do the checking, this specification must even come in a mathematical form that the computer understands, which is a hard and costly task. To detect that something is wrong, though, it can suffice that something is different from others – even if this “something” cannot be exactly determined. We use large sets of existing programs (such as mobile apps) to have machine learning determine their common properties, and then check new programs to whether they fall in line with these properties. For instance, we can learn that “travel” mobile apps typically access the user’s location, but rarely her text message history. If a new unknown “travel” app comes along and tries to access past text messages and other sensitive information, we can identify it as anomaly because “travel” apps normally do not to that. These checks, which combine machine learning with testing and analysis, are now in place at all major app stores.

Anomaly Mining Workflow