PUREDroid: Permission Usage and Risk Estimation for Android Applications

Authors: Ali Alshehri, Pawel Marcinek, Abdulrahman Alzahrani, Hani Alshahrani, Huirong Fu

DOI: 10.1145/3325917.3325941

Keywords: Malware, Computer security, Permission, Download, Harm, Information sensitivity, Android (operating system), Computer science, Social engineering (security), Risk assessment

Abstract: Android applications pose many security risks that affect the security and privacy of their users. Adversaries construct different types of malicious applications and use social engineering approaches to attract users to download and trust these applications. Malicious applications usually request permissions that are not related to the main functionality of the applications in order to access sensitive information or resources. Most users attempt to grant the requested permissions without understanding the potential harm of those permissions and how they can be misused to disclose their privacy. Therefore, there is a need for a risk assessment model which can intimate to users the risk level posed by an application and assist them to make the right decision whether to grant or deny the permission. This paper proposes Permission Usage and Risk Estimation (PUREDroid) to measure the applications' risk magnitude resulting from granting extraneous permission requests. In an evaluation with more than 25000 applications, including 5773 malware and 19242 benign applications, we demonstrate the usefulness and effectiveness of our proposed risk scoring method.
