UIXPOSE: Mobile Malware Detection via Intention-Behaviour Discrepancy Analysis
By: Amirmohammad Pasdar, Toby Murray, Van-Thuan Pham
Potential Business Impact:
Finds hidden phone spying apps by watching what they do.
We introduce UIXPOSE, a source-code-agnostic framework that operates on both compiled and open-source apps. This framework applies Intention Behaviour Alignment (IBA) to mobile malware analysis, aligning UI-inferred intent with runtime semantics. Previous work either infers intent statically (e.g., permission-centric or widget-level analysis) or monitors coarse dynamic signals (endpoints, partial resource usage) that miss content and context. UIXPOSE infers an intent vector from each screen using vision-language models and knowledge structures, and combines decoded network payloads, heap/memory signals, and resource utilisation traces into a behaviour vector. Their alignment, calculated at runtime, can both detect misbehaviour and highlight exploration of behaviourally rich paths. In three real-world case studies, UIXPOSE reveals covert exfiltration and hidden background activity that evade metadata-only baselines, demonstrating how IBA improves dynamic detection.
Similar Papers
Effective and Stealthy One-Shot Jailbreaks on Deployed Mobile Vision-Language Agents
Cryptography and Security
Tricks phone apps to do bad things secretly.
BinCtx: Multi-Modal Representation Learning for Robust Android App Behavior Detection
Cryptography and Security
Finds bad apps by looking at code and how they work.
Mitigating Indirect Prompt Injection via Instruction-Following Intent Analysis
Cryptography and Security
Stops AI from following secret bad commands.