An Anti-Fuzzing Approach for Android Apps

Thumbnail Image
2023-Cheng-AntiRuzzingApproachManuscript.pdf (317.99 KB)

File Embargoed Until: (2024-10-19)
Cheng, Chris Chao-Chun
Lin, Li
Shi, Chen
Guan, Yong
Major Professor
Committee Member
Journal Title
Journal ISSN
Volume Title
Springer Nature Switzerland AG 2023
Research Projects
Organizational Units
Organizational Unit
Electrical and Computer Engineering

The Department of Electrical and Computer Engineering (ECpE) contains two focuses. The focus on Electrical Engineering teaches students in the fields of control systems, electromagnetics and non-destructive evaluation, microelectronics, electric power & energy systems, and the like. The Computer Engineering focus teaches in the fields of software systems, embedded systems, networking, information security, computer architecture, etc.

The Department of Electrical Engineering was formed in 1909 from the division of the Department of Physics and Electrical Engineering. In 1985 its name changed to Department of Electrical Engineering and Computer Engineering. In 1995 it became the Department of Electrical and Computer Engineering.

Dates of Existence

Historical Names

  • Department of Electrical Engineering (1909-1985)
  • Department of Electrical Engineering and Computer Engineering (1985-1995)

Related Units

Organizational Unit
Center for Statistics and Applications in Forensic Evidence
The Center for Statistics and Applications in Forensic Evidence (CSAFE) carries out research on the scientific foundations of forensic methods, develops novel statistical methods and transfers knowledge and technological innovations to the forensic science community. We collaborate with more than 80 researchers and across six universities to drive solutions to support our forensic community partners with accessible tools, open-source databases and educational opportunities.
Journal Issue
Is Version Of
One of significant mobile app forensic analysis problems is the app evidence extraction from the device. Given the fact that mobile apps could generate more than 19K files in a device [6], simply manually inspecting every file is time consuming and may miss critical piece of evidence. A recent forensic analysis study [38] shows that fuzzing tools (a.k.a. fuzzer), which programmatically produce interactions with mobile apps, can be helpful when they are paired with sandbox environments for studying the app’s runtime forensic behaviors, by which forensic practitioners summarize the patterns of evidential data (such as GPS coordinates) that could greatly help with future forensic investigation. However, we found there is no study of how reliable do fuzzing tools help with improving the efficiency of mobile app forensic analysis.
We, therefore, propose AFuzzShield, which aims at verifying the mobile app program coverage under the scenario when the app has the anti-fuzzing technologies applied. By analyzing the runtime information of mobile app interaction traces, it can prevent real-world apps from being exercised by fuzzers and minimizes the overhead of human usages. Our proposed approach exploits a statistical model to distinguish the difference between fuzzer and human patterns, and therefore it does not require graphical user interface (GUI) injections and is compatible with any real-world apps with touchable/clickable GUIs. We evaluate AFuzzShield on apps from AndroTest, a popular benchmark app dataset for testing various fuzzers, and the results demonstrate that, the mobile app program coverage can be significantly affected when it has anti-fuzzing technique, AFuzzShield, deployed, which results in missing mobile app evidential data patterns in the analysis (e.g. 70% of apps show promising results when having AFuzzShield applied under Monkey).
This is a manuscript of a proceeding published as Cheng, C.CC., Lin, L., Shi, C., Guan, Y. (2023). An Anti-Fuzzing Approach for Android Apps. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIX. DigitalForensics 2023. IFIP Advances in Information and Communication Technology, vol 687. Springer, Cham. © 2023 IFIP International Federation for Information Processing. Posted with permission of CSAFE.