Open Access Open Access  Restricted Access Subscription Access

Detecting Code Injection Attacks on Hybrid Apps with Machine Learning

Xi Xiao,
Ruibo Yan,
Runguo Ye,
Sancheng Peng,
Qing Li,

Abstract


Mobile devices become more and more popular. While code injection attacks can happen in hybrid applications on mobile systems and cause great damage. Thus, it is urgent to detect these attacks. However, the time complexity of the existing detection method is very high. In this paper, we propose a novel detection model based on machine learning. The frequently-used functions in PhoneGap, JavaScript and jQuery are regarded as new features in our model. We use information gain and Chi-square test to select key features from these functions. Then five distinct feature vectors are constructed by using different feature generation methods. Finally, based on these vectors, we employ six kinds of machine learning classifiers, such as genetic algorithms and online learning algorithms, to detect code injection vulnerabilities in hybrid applications. Extensive experiments demonstrate that the extended features can describe the application behavior better and our feature selection methods have good performance. In contrast to the other method, our method reduces the time complexity and reaches higher precision.

Keywords


Code injection; Hybrid application; Information gain; Chi-square test; Machine learning

Citation Format:
Xi Xiao, Ruibo Yan, Runguo Ye, Sancheng Peng, Qing Li, "Detecting Code Injection Attacks on Hybrid Apps with Machine Learning," Journal of Internet Technology, vol. 18, no. 4 , pp. 843-854, Jul. 2017.

Full Text:

PDF

Refbacks

  • There are currently no refbacks.




Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314  E-mail: jit.editorial@gmail.com