Entropy-based security risk measurement for Android mobile applications
作者: Mahmood Deypir
DOI: 10.1007/S00500-018-3377-5
关键词:
摘要: Android as a widest used operating system for smartphones and mobile devices uses permissions to restrict malicious applications (apps). However, malware developers use various social engineering methods entice users installing malwares after granting critical by users. Therefore, it is essential estimate security risks of untrusted apps help making better decisions regarding app selection installation. In this paper, the concept criticality precisely defined according abuse known their legal usage useful apps. Based on definition analyzing requested large numbers benign apps, new criterion proposed measure This benefits from concepts entropy information gain separating criterion, more informative have higher impacts computed risk values. order evaluate two datasets recent non-malicious been constructed analyzed against existing ones. analysis shows that permission patterns are changed over time. Empirical evaluations previous reveal superiority with respect previously ones in terms assigning larger values malwares.
springer.com
sci-hub.se 参考文章(30)
Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov, Learning and Classification of Malware Behavior international conference on detection of intrusions and malware and vulnerability assessment. pp. 108- 125 ,(2008) , 10.1007/978-3-540-70542-0_6
Yousra Aafer, Wenliang Du, Heng Yin, DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. pp. 86- 103 ,(2013) , 10.1007/978-3-319-04283-1_6
Anthony Desnos, Android: Static Analysis Using Similarity Distance hawaii international conference on system sciences. pp. 5394- 5403 ,(2012) , 10.1109/HICSS.2012.114
David Barrera, H. G üne ş Kayacik, Paul C. van Oorschot, Anil Somayaji, A methodology for empirical analysis of permission-based security models and its application to android Proceedings of the 17th ACM conference on Computer and communications security - CCS '10. pp. 73- 84 ,(2010) , 10.1145/1866307.1866317
Iker Burguera, Urko Zurutuza, Simin Nadjm-Tehrani, Crowdroid Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11. pp. 15- 26 ,(2011) , 10.1145/2046614.2046619
Dimitris Geneiatakis, Igor Nai Fovino, Ioannis Kounelis, Pasquale Stirparo, A Permission verification approach for android mobile applications Computers & Security. ,vol. 49, pp. 192- 205 ,(2015) , 10.1016/J.COSE.2014.10.005
William Enck, Machigar Ongtang, Patrick McDaniel, On lightweight mobile phone application certification computer and communications security. pp. 235- 245 ,(2009) , 10.1145/1653662.1653691
Patrick Gage Kelley, Lorrie Faith Cranor, Norman Sadeh, Privacy as part of the app decision-making process human factors in computing systems. pp. 3393- 3402 ,(2013) , 10.1145/2470654.2466466
Lei Cen, Christoher S. Gates, Luo Si, Ninghui Li, A Probabilistic Discriminative Model for Android Malware Detection with Decompiled Source Code IEEE Transactions on Dependable and Secure Computing. ,vol. 12, pp. 400- 412 ,(2015) , 10.1109/TDSC.2014.2355839
Kabakus Abdullah Talha, Dogru Ibrahim Alper, Cetin Aydin, APK Auditor: Permission-based Android malware detection system Digital Investigation. ,vol. 13, pp. 1- 14 ,(2015) , 10.1016/J.DIIN.2015.01.001