TriFlow - Omid Mirzaei | Universidad Carlos III de Madrid

Go to content

Main menu:



A Brief Introduction

Information flows in Android can be effectively used to give an informative summary of an application’s behavior, showing how and for what purpose apps use specific pieces of information. This has been shown to be extremely useful to characterize risky behaviors and, ultimately, to identify unwanted or malicious applications in Android. However, identifying information flows in an application is computationally highly expensive and, with more than one million apps in the Google Play market, it is critical to prioritize applications that are likely to pose a risk. In this work, we develop a triage mechanism to rank applications considering their potential risk. Our approach, called TriFlow, relies on static features that are quick to obtain. TriFlow combines a probabilistic model to predict the existence of information flows with a metric of how significant a flow is in benign and malicious apps. Based on this, TriFlow provides a score for each application that can be used to prioritize analysis. TriFlow also provides an explanatory report of the associated risk. We evaluate our tool with a representative dataset of benign and malicious Android apps. Our results show that it can predict the presence of information flows very accurately and that the overall triage mechanism enables significant resource saving.


  • Prediction of information flows in Android applications
  • A mechanism to weight information flows in Android applications
  • A new risk metric based on information flows
  • A light-weight triage system that can be incorporated into computationally expensive static and dynamic analysis tools


TriFlow: Triaging Android Applications using Speculative Information Flows
O. Mirzaei, G. Suarez-Tangil, J. E. Tapiador, J. M. de Fuentes
ACM Asia Conference on Computer and Communications Security (ASIACCS), Abu Dhabi, UAE (April 2017) [PDF | BibTex]


  • Best Previously Published Paper Award from 4th Spanish National Cybersecurity Research Conference
     Donostia-San Sebastian, Spain (June 2018)

  • 3rd Place Award from CSAW-Europe Best Applied Security Research Competition
     As the third top applied security research work in Europe
     Grenoble INP-ESISAR, Valence, France (November 2017)


Source Codes

You can download TriFlow from my GitHub profile in here.

News and Updates

TriFlow updates are accessible either from my Twitter account or from my news archive.

@ Omid Mirzaei - All rights reserved
Back to content | Back to main menu