I am a Doctoral Researcher in Software Security and Software Engineering at the University of Luxembourg. I am part of the Interdisciplinary Centre for Security, Reliability and Trust (SnT) and member of TruX research group. Beforehand, I received my Master's degree in Computer and Information Systems Security from the University of Lorraine (France). My research interests are in the security aspects of software engineering, particularly in automatic malware and vulnerability detection using static code analysis. Currently, I am focusing on Android systems. My thesis is under the supervision of Prof. Jacques Klein and I am being advised by Prof. Tegawendé F. Bissyandé and Prof. Alexandre Bartel.
-
Android code unification to perform comprehensive static analysis of Android app: In Android apps, dex bytecode cohabits with native code which can be used through the Java Native Interface. Due to the challenge presented to analyze native code, it is most of the time overlooked by existing approaches. This limitation is a severe threat to validity since malicious behavior can be implemented in native code. Therefore, I have the ambition to propose a model unifying both the bytecode and the native code in Android apps. I proposed a first step toward this direction at the call-graph level and with more granularity at the statement level relying on heuristic-based defined statements.
-
Logic bomb detection in Android apps: Nowadays, one of the main goal of malware writers is to evade analyses. One prominent technique used to stay under the radar of dynamic analyzers is to use logic bombs. This mechanism triggers the malicious only under specific circumstances. As a challenging and unresolved problem, I tackle this problem with static approaches. After replicating existing approaches, I contributed to the research effort by proposing an hybrid approach combining static analysis and anomaly detection.
-
Improving Android apps Inter-Component Communication: Android apps are built upon several components that communicate together through Inter-Component Communication (ICC) mechanism. Modeling ICC is a key in Android apps static analysis to ensure data flow tracking through components, as reported by IccTA. However, a substantial number of ICC methods were overlook by the state of the art, leaving room to a lack of precision in app modeling. Indeed, I noticed that ICC can be triggered through what I called Atypical ICC methods (AICCM). To cope with this limitation, I built RAICC, an approach that is AICCM-aware. Hence, existing static approach can rely on RAICC to perform more complete analyses.
Publications
Analyse Statique et Automatisée de Code
Jordan Samhi.
Multi-System & Internet Security Cookbook (MISC 09/2022)
TriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs
Jordan Samhi, Tegawendé F. Bissyandé, Jacques Klein.
19th International Conference on Mining Software Repositories, Data Showcase, Pittsburgh, USA (MSR 2022)
JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
Jordan Samhi, Jun Gao, Nadia Daoudi, Pierre Graux, Henri Hoyez, Xiaoyu Sun, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein.
44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, USA (ICSE 2022)
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Jordan Samhi, Li Li, Tegawendé F. Bissyandé, Jacques Klein.
44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, USA (ICSE 2022)
On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps
Jordan Samhi, Alexandre Bartel.
IEEE Transactions on Dependable and Secure Computing (TDSC 2021)
DexRay: A Simple, yet Effective Deep Learning Approach to Android Malware Detection based on Image Representation of Bytecode
Nadia Daoudi, Jordan Samhi, Abdoul Kader Kaboré, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein.
2nd International Workshop on Deployable Machine Learning for Security Defense, Singapore, Aug. 2021 (MLHat @KDD)
Les dangers de Pastebin
Jordan Samhi, Tegawendé F. Bissyandé, Jacques Klein.
Multi-System & Internet Security Cookbook (MISC 05/2021)
RAICC: Revealing Atypical Inter-Component Communication in Android Apps
Jordan Samhi, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein.
43rd IEEE/ACM International Conference on Software Engineering, Madrid, Spain (ICSE 2021)
A first look at Android applications in Google Play related to COVID-19
Jordan Samhi, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein.
Empirical Software Engineering, Springer (EMSE 2021)
Désamorcer des bombes logiques
Jordan Samhi, Alexandre Bartel.
Multi-System & Internet Security Cookbook (MISC 09/2020)
Experience
University of Luxembourg · Interdisciplinary Centre for Security, Reliability and Trust · TruX
Doctoral Researcher , November 2019 - Present
Supervisors: Prof. Jacques Klein, Prof. Tegawendé F. Bissyandé
Research in the security aspects of software engineering with a particular focus on malware and vulnerability detection. Analysis of Android applications by reverse engineering and developing static analysis programs.
University of Washington · Computer Science & Engineering · Programming Languages and Software Engineering group · PLSE
Visiting Doctoral Researcher , February 2022 - June 2022
Supervisors: Prof. Jacques Klein, Prof. Tegawendé F. Bissyandé, Prof. Michael Ernst, Prof. René Just
Researching the Android framework to find new ways to enable logic bombs without conditional statement.
University of Luxembourg · Interdisciplinary Centre for Security, Reliability and Trust · SerVal
Research Intern , April 2019 - September 2019
Supervisors: Prof. Alexandre Bartel
Literature review on Static Analysis, Malware detection and Android Security. Reverse-engineering of Android applications. Study of anti-reverse-enrineering mecanisms. Open-source development of a solution based on pure static analysis to detect hidden malicious code.
Supervision
Pedro Ruiz Jiménez
Student JobUniversity of Luxembourg · July 2022 – August 2022
Master's degree in Information and Computer Science.
Empirical study to characterize file usage in Android apps.
Claude Ohlhoff
Master's ThesisUniversity of Luxembourg · April 2022 – September 2022
Master's degree in Information and Computer Science.
Detecting Javascript Vulnerabilities using Static Analysis.
Fernandez Oliva Cesar Francisco
InternshipUniversity of Luxembourg · February 2022 – September 2022
Master's degree in Entrepreneurship and Innovation.
Business development of a spin-off project.
Ye Qiu
Master's ThesisUniversity of Luxembourg · February 2022 – June 2022
Master's degree in Information and Computer Science.
Digging the Android Framework to find ways to Trigger Logic Bombs.
François Jullion
InternshipÉcole Nationale Supérieure d’Ingénieurs de Bretagne-Sud (ENSIBS), France · June 2021 – August 2021
Engineering degree in Software Security.
Automatically extracting logic bomb's guarded code using static analysis to build minimal Android app for further dynamic analysis.
Nahom Belay
Student JobNational Institute of Applied Sciences of Toulouse (INSA), France · June 2021 – August 2021
Master's degree in Software Security.
Manual characterization of Android malware families using reverse-engineering tools.
Ye Qiu
Student JobUniversity of Luxembourg · May 2021 – July 2021
Master's degree in Information and Computer Science.
Manual characterization of Android malware families using reverse-engineering tools.
Mansaf Bourkaib
Master's ThesisUniversity of Lorraine, France · March 2021 – September 2021
Master's degree in Information and Computer Security, Networks and Virtual Architectures.
Extracting Android apps information and building efficient query interface for selecting apps matching specific characteristics.
Vanitha Varadharajan
Master's ThesisUniversity of Luxembourg · February 2021 – August 2021
Master's degree in Information and Computer Science.
Mining source code samples from Pastebin public data.
Sean Achtatou
Bachelor ProjectUniversity of Luxembourg · February 2020 – July 2020
Bachelor in Information and Computer Science.
Machine-learning based characterization of Android Malware.
