GGrantIndex
← Search

SaTC: CORE: Small: Securing Web-to-Mobile Interface Through Characterization and Detection of Malicious Deep Links

$500,000FY2017CSENSF

Virginia Polytechnic Institute And State University, Blacksburg VA

Investigators

Abstract

With the wide adoption of mobile devices, mobile websites and applications (apps) have become the primary interfaces to access online content. Mobile deep-linking, a key mechanism to index mobile content, has been widely used to enable users to navigate across websites, search engines and mobile apps and become instrumental to improving users' online experience. Unfortunately, mobile deeplinks are designed without security in mind, which allows malicious apps or websites to launch stealthy attacks to hijack user clicks, steal sensitive information and perform phishing attacks. With more apps and websites deep-linked every day, this becomes an emerging security threat to a broad Internet population. This project is developing methodologies and usable tools to measure, analyze and secure mobile deeplinks in today's mobile-web ecosystem. To first understand the emerging security threat, the researchers are developing novel measurement frameworks to map out the empirical connections between mobile apps and the web by automatically extracting mobile deeplinks from the market-scale apps. In addition, the researchers are investigating automated techniques to detect deeplink-based abuse without relying on large-scale ground-truth data. One target approach is to construct deeplink graphs for apps and websites and explore detection techniques using semi-supervised learning and trust prorogation schemes. Finally, the researchers are developing analytics tools to extract context information from mobile deeplinks to enable intelligent alert systems to safeguard the deeplink usage. The researchers are investigating the tradeoffs between security and usability to design safer ways of using deeplinks without sacrificing the usability.

View original record on NSF Award Search →