nach oben

Erschienen in:

2021 | OriginalPaper | Buchkapitel

A Novel Proposal of Using NLP to Analyze IoT Apps Towards Securing User Data

verfasst von : Raghunath Maji, Atreyee Biswas, Rituparna Chaki

Erschienen in: Computer Information Systems and Industrial Management

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The evolution of Internet of Things over the years has led to all time connectivity among us. However, the heterogeneity of the constituent layers of IoT makes it vulnerable to multiple security threats. One of the typical vulnerability of IoT involves the endpoint, i.e. the apps that are used by end users for enabling IoT services. Generally, the users have to authorize the app, during installation time, to perform certain tasks. Often the apps ask for permissions to access information which are not related to the IoT services provided by them. These over-privileged apps have the chance to turn malicious at any moment and use such information for their benefit. Sometimes, the users are naive enough to trust the apps and grant permissions without caution, thus leading to unintended exposure of personal information to malicious apps. It is important to analyze the app description for understanding the exact meaning of a stated functionality in the app description. In this paper, we have focused on the use of NLP in securing user data from malicious IoT apps by analysing their privacy policies and user reviews. This is followed by a novel proposal that supports cautious decision making of users based on a careful analysis of app behaviour.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Anonymous Group Signature Scheme with Publicly Verifiable General Access Structure

Nächstes Kapitel Addressing the Permutational Flow Shop Scheduling Problem Through Constructive Heuristics: A Statistical Comparison

McAfee Labs Threats Report, November 2020. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-nov-2020.pdf

Wang, R., Wang, Z., Tang, B., Zhao, L., Wang, L.: SmartPI: understanding permission implications of android apps from user reviews. IEEE Trans. Mob. Comput. 19(12), 2933–2945 (2020). https://doi.org/10.1109/TMC.2019.2934441CrossRef

Gorla, A., Tavecchia, I., Gross, F., Zeller, A.: Checking app behavior against app descriptions. In: Proceedings of the 36th International Conference on Software Engineering, pp. 1025–1035, May 2014

Yu, L., Luo, X., Qian, C., Wang, S., Leung, H.K.N.: Enhancing the description-to-behavior fidelity in android apps with privacy policy. IEEE Trans. Softw. Eng. 44(9), 834–854 (2018). https://doi.org/10.1109/TSE.2017.2730198CrossRef

Kuznetsov, K., Gorla, A., Tavecchia, I., Groß, F., Zeller, A.: Mining android apps for anomalies. In: Bird, C., Menzies, T., Zimmermann, T. (eds.) The Art and Science of Analyzing Software Data, pp. 257–283. Morgan Kaufmann (2015). https://doi.org/10.1016/B978-0-12-411519-4.00010-0. ISBN 9780124115194

Ma, S., Wang, S., Lo, D., Deng, R.H., Sun, C.: Active semi-supervised approach for checking app behavior against its description. In: IEEE 39th Annual Computer Software and Applications Conference, Taichung, Taiwan, pp. 179–184 (2015). https://doi.org/10.1109/COMPSAC.2015.93

Demissie, B.F., Ceccato, M., Shar, L.K.: Security analysis of permission re-delegation vulnerabilities in android apps. Empir. Softw. Eng. 25, 5084–5136 (2020). https://doi.org/10.1007/s10664-020-09879-8CrossRef

Harbach, M., Hettig, M., Weber, S., Smith, M.: Using personal examples to improve risk communication for security & privacy decisions. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2647–2656, April 2014

Jia, Y.J., et al.: ContexIoT: towards providing contextual integrity to appified IoT platforms. In: 21st Network and Distributed Security Symposium (NDSS 2017), February 2017

10.

Shibija, K., Joseph, R.V.: A machine learning approach to the detection and analysis of android malicious apps. In: International Conference on Computer Communication and Informatics (ICCCI), pp. 1–4 (2018). https://doi.org/10.1109/ICCCI.2018.8441472

11.

Yuan, H., Tang, Y.: MADFU: an improved malicious application detection method based on features uncertainty. Entropy 22(7), 792 (2020). https://doi.org/10.3390/e22070792MathSciNetCrossRef

12.

Almuhimedi, H., et al.: Your location has been shared 5,398 times! A field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796, April 2015

13.

Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: IEEE Symposium on Security and Privacy (SP) 2016, pp. 636–654 (2016). https://doi.org/10.1109/SP.2016.44

14.

Solanki, R.K., Laxmi, V., Gaur, M.S.: MAPPER: mapping application description to permissions. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds.) CRiSIS 2019. LNCS, vol. 12026, pp. 84–98. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41568-6_6CrossRef

15.

Wettlaufer, J., Simo, H.: Decision support for mobile app selection via automated privacy assessment. In: Friedewald, M., Önen, M., Lievens, E., Krenn, S., Fricker, S. (eds.) Privacy and Identity 2019. IAICT, vol. 576, pp. 292–307. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42504-3_19CrossRef

16.

Tian, Y., et al.: Smartauth: user-centered authorization for the internet of things. In: Proceedings of the 26th USENIX Conference on Security Symposium (SEC 2017), pp. 361–378. USENIX Association, USA (2017)

17.

Story, P., et al.: Natural language processing for mobile app privacy compliance. In: AAAI Spring Symposium on Privacy-Enhancing Artificial Intelligence and Language Technologies (2019)

18.

Tao, C., Guo, H., Huang, Z.: Identifying security issues for mobile applications based on user review summarization. Inf. Softw. Technol. 122, 106290 (2020)CrossRef

19.

Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: ACM Conference on Computer and Communications Security (CCS), pp. 627–638. ACM, New York (2011)

20.

Abdiansah, A., Wardoyo, R.: Time complexity analysis of support vector machines (SVM) in LibSVM. Int. J. Comput. Appl. 128(3), 28–34 (2015). https://doi.org/10.5120/ijca2015906480CrossRef

Titel: A Novel Proposal of Using NLP to Analyze IoT Apps Towards Securing User Data
verfasst von: Raghunath Maji
Atreyee Biswas
Rituparna Chaki
Verlag: Springer International Publishing
Buch: Computer Information Systems and Industrial Management
Print ISBN: 978-3-030-84339-7

Electronic ISBN: 978-3-030-84340-3

Copyright-Jahr: 2021
DOI: https://doi.org/10.1007/978-3-030-84340-3_12

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"