Abstract:
Android has been a major target of malicious applications (malapps). How to detect and keep the malapps out of the app markets is an ongoing challenge. One of the central design points of the Android security mechanism is permission control that restricts the access of apps to core facilities of devices. However, it imparts a significant responsibility to the app developers with regard to accurately specifying the requested permissions and to the users with regard to fully understanding the risk of granting certain combinations of permissions. Android permissions requested by an app depict the app’s behavioral patterns. To help understand Android permissions, in this paper, we explore the permission-induced risk in Android apps on three levels in a systematic manner. First, we thoroughly analyze the risk of an individual permission and the risk of a group of collaborative permissions. We employ three feature ranking methods, namely, mutual information, correlation coefficient, and T-test to rank individual Android permissions with respect to their risk. We then use sequential forward selection as well as principal component analysis to identify risky permission subsets. Second, we evaluate the usefulness of risky permissions for malapp detection with support vector machine, decision trees, as well as random forest. Third, we analyze the detection results in depth and discuss the feasibility as well as the limitations of malapp detection based on permission requests. We evaluate our methods on a very large official app set consisting of 310 926 benign apps and 4868 real-world malapps and on a third-party app sets. The empirical results show that our malapp detectors built on risky permissions give satisfactory performance (a detection rate of 94.62% with a false positive rate of 0.6%), catch the malapps’ essential patterns of violating permission access regulations, and are universally applicable to unknown malapps (detection rate of 74.03%).
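The first step described in the abstract, ranking individual permissions against the malapp/benign label, can be sketched as follows. This is an added example, not code from the paper: the eight-app set is constructed for illustration, and only two of the three named ranking methods (mutual information and correlation coefficient) are shown.

```python
import math
from collections import Counter

# Constructed sample (not from the paper): (requested permissions, label),
# label 1 = malapp, 0 = benign.
APPS = [
    ({"INTERNET", "SEND_SMS", "READ_CONTACTS"}, 1),
    ({"INTERNET", "SEND_SMS", "READ_PHONE_STATE"}, 1),
    ({"INTERNET", "SEND_SMS"}, 1),
    ({"INTERNET", "READ_PHONE_STATE", "READ_CONTACTS"}, 1),
    ({"INTERNET", "CAMERA"}, 0),
    ({"INTERNET", "VIBRATE"}, 0),
    ({"INTERNET", "CAMERA", "VIBRATE"}, 0),
    ({"INTERNET", "READ_CONTACTS"}, 0),
]

def column(apps, perm):
    """Binary feature vector: 1 if the app requests perm."""
    return [int(perm in perms) for perms, _ in apps]

def mutual_information(x, y):
    """I(X;Y) in bits for two equal-length binary sequences."""
    n = len(x)
    joint, px, py = Counter(zip(x, y)), Counter(x), Counter(y)
    return sum(c / n * math.log2(c * n / (px[a] * py[b]))
               for (a, b), c in joint.items())

def correlation(x, y):
    """Pearson correlation; 0.0 for a constant column (a permission every app requests)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    var = sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(var) if var else 0.0

def rank_permissions(apps, score):
    """Permissions sorted by |score| against the label, strongest first."""
    labels = [label for _, label in apps]
    perms = sorted(set().union(*(p for p, _ in apps)))
    scored = [(p, score(column(apps, p), labels)) for p in perms]
    return sorted(scored, key=lambda item: -abs(item[1]))

if __name__ == "__main__":
    for name, fn in (("mutual information", mutual_information),
                     ("correlation", correlation)):
        print(name)
        for perm, value in rank_permissions(APPS, fn):
            print(f"  {perm:18s} {value:+.3f}")
```

Mutual information is unsigned, so a permission that marks benign apps (CAMERA in this sample) scores as high as one that marks malapps; the sign of the correlation separates the two cases.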
Published in: IEEE Transactions on Information Forensics and Security ( Volume: 9, Issue: 11, November 2014)

School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Wei Wang is currently an Associate Professor with the School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China. He received the Ph.D. degree in control science and engineering from Xi’an Jiaotong University, Xi’an, China, in 2006. He was a Post-Doctoral Researcher with the University of Trento, Trento, Italy, from 2005 to 2006. He was a Post-Doctoral Researcher with TELECOM Bretagne, Rennes, France, and the Institut National de Recherche en Informatique et en Automatique (INRIA), France, from 2007 to 2008. He was a European ERCIM Fellow with the Norwegian University of Science and Technology (NTNU), Trondheim, Norway, and the Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg, from 2009 to 2011. He visited INRIA, ETH Zurich, Zürich, Switzerland, NTNU, CNR, and New York University Polytechnic, New York, NY, USA. He has authored or coauthored over 35 peer-reviewed papers in various journals and international conferences. His main research interests include mobile, computer, and network security.

School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Xing Wang is currently pursuing the Ph.D. degree with the School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China. He received the B.S. degree from Beijing Jiaotong University in 2009. He visited the King Abdullah University of Science and Technology, Thuwal, Saudi Arabia, in 2014. His main research interests lie in mobile security.

National University of Defense Technology, Changsha, China
Dawei Feng received the B.S. and M.S. degrees from the National University of Defense Technology (NUDT), Changsha, China, in 2007 and 2010, respectively, and the Ph.D. degree from the Université Paris-Sud, Orsay, France, in 2014. He is currently an Assistant Professor with NUDT. He visited the King Abdullah University of Science and Technology, Thuwal, Saudi Arabia, in 2013. His main research interests include machine learning, data mining, and cloud computing.

School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Jiqiang Liu received the B.S. and Ph.D. degrees from Beijing Normal University, Beijing, China, in 1994 and 1999, respectively. He is currently a Professor with the School of Computer and Information Technology, Beijing Jiaotong University, Beijing. He has authored over 60 scientific papers in various journals and international conferences. His main research interests are trusted computing, cryptographic protocols, privacy preserving, and network security.

School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Zhen Han received the Ph.D. degree from the China Academy of Engineering Physics, Beijing, China, in 1991. He is currently a Professor with the School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China. He has authored or coauthored over 100 papers in various journals and international conferences. His main research interests are information security architecture and trusted computing.

Division of Computer, Electrical and Mathematical Sciences and Engineering, King Abdullah University of Science and Technology, Thuwal, Saudi Arabia
Xiangliang Zhang is currently an Assistant Professor and directs the Machine Intelligence and Knowledge Engineering Laboratory with the Division of Computer, Electrical, and Mathematical Sciences and Engineering, King Abdullah University of Science and Technology, Thuwal, Saudi Arabia. She was a European ERCIM Research Fellow with the Department of Computer and Information Science, Norwegian University of Science and Technology (NTNU), Trondheim, Norway, in 2010. She received the Ph.D. (Hons.) degree in computer science from the Institut National de Recherche en Informatique et en Automatique, University Paris-Sud 11, Orsay, France, in 2010. She visited the IBM T. J. Watson Research Center, Yorktown Heights, NY, USA, Texas A&M University, College Station, TX, USA, University Paris-Sud 11, Concordia University, Montreal, QC, Canada, Microsoft Research Asia, Beijing, and the University of Luxembourg, Luxembourg. She serves as a Program Committee Member of premier conferences, such as the Conference on Knowledge Discovery and Data Mining, the IEEE International Conference on Data Engineering, and the IEEE International Conference on Data Mining series. She has authored or coauthored over 50 refereed papers in various journals and conferences. Her main research interests and experiences are in diverse areas of machine intelligence and knowledge engineering, such as complex system modeling, computer security, and big data processing.