2016 | Original Paper | Book chapter

A Skewness-Based Framework for Mobile App Permission Recommendation and Risk Evaluation

Authors: Keman Huang, Jinjing Han, Shizhan Chen, Zhiyong Feng

Published in: Service-Oriented Computing

Publisher: Springer International Publishing

Abstract

The mobile ecosystem has penetrated people's daily lives in recent years, and most web services now rely on mobile applications for service consumption. Permission systems have been developed to protect the sensitive and valuable information stored on mobile devices. However, because of the complexity of the permission framework, permission over-privilege has become a serious problem that brings huge risk to the mobile ecosystem. Therefore, in this paper we present a skewness-based framework for permission recommendation and risk evaluation, intended to facilitate permission configuration and to identify risky applications. Specifically, the topic model Latent Dirichlet Allocation (LDA) is used to build the mapping between an app's functionality and its permissions. Then a two-phase skewness-based filtering strategy is developed and combined with a collaborative filtering framework to remove abnormal applications and permissions. Finally, the high-risk permissions of each application are identified from the difference between malicious applications and popular applications. Experiments on apps from Google Play show that, compared with the state of the art, our approach effectively removes abnormal applications and permissions, identifies unexpected and risky permissions, and generates recommended permission configurations with better performance, reducing the permission over-privilege problem.
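The pipeline the abstract outlines (filter abnormal apps, filter abnormal permissions within a functional category, contrast malicious and popular apps to score each permission, then flag an app's unexpected and high-risk permissions) can be sketched as a small script. The block below is an added example written for this page, not the authors' implementation: it uses a plain moment-based skewness statistic, a constructed toy dataset of hypothetical apps (`POPULAR_APPS`, `MALICIOUS_APPS`), illustrative thresholds (1.5 standard deviations for abnormal apps, a risk score of 0.5), and it omits the LDA functionality mapping and the collaborative-filtering step, taking a single functional category as given.

```python
"""Illustrative skewness-based filtering of app/permission data and
permission risk scoring. Added example for this chapter page; it is NOT
the authors' algorithm, only a demonstration of the ideas the abstract
names, run on a constructed toy dataset of hypothetical apps."""
from __future__ import annotations

import math
from typing import Dict, Iterable, List, Set, Tuple

PermissionSets = Dict[str, Set[str]]

# Constructed sample: "popular" apps of one functional category
# (flashlight utilities). Names and permission sets are made up.
POPULAR_APPS: PermissionSets = {
    "torch_a": {"CAMERA"},
    "torch_b": {"CAMERA", "INTERNET"},
    "torch_c": {"CAMERA"},
    "torch_d": {"CAMERA", "INTERNET"},
    "torch_e": {"CAMERA", "INTERNET", "VIBRATE", "WAKE_LOCK"},
    # Over-privileged outlier: a flashlight requesting SMS, contacts, audio, ...
    "torch_f": {"CAMERA", "INTERNET", "READ_CONTACTS", "SEND_SMS", "READ_SMS",
                "ACCESS_FINE_LOCATION", "RECORD_AUDIO", "READ_PHONE_STATE"},
}

# Constructed "known malicious" sample, used only for the risk contrast.
MALICIOUS_APPS: PermissionSets = {
    "mal_1": {"CAMERA", "INTERNET", "SEND_SMS", "READ_SMS", "READ_PHONE_STATE"},
    "mal_2": {"INTERNET", "SEND_SMS", "READ_CONTACTS", "READ_PHONE_STATE"},
    "mal_3": {"CAMERA", "INTERNET", "SEND_SMS", "ACCESS_FINE_LOCATION"},
    "mal_4": {"INTERNET", "READ_SMS", "RECEIVE_BOOT_COMPLETED"},
}


def skewness(values: Iterable[float]) -> float:
    """Moment-based skewness m3 / m2^1.5 using population moments.
    Returns 0.0 for fewer than two points or zero variance."""
    xs = list(values)
    n = len(xs)
    if n < 2:
        return 0.0
    mean = sum(xs) / n
    m2 = sum((x - mean) ** 2 for x in xs) / n
    if m2 == 0:
        return 0.0
    m3 = sum((x - mean) ** 3 for x in xs) / n
    return m3 / m2 ** 1.5


def filter_abnormal_apps(apps: PermissionSets, k: float = 1.5) -> PermissionSets:
    """Phase 1: if per-app permission counts have a heavy right tail
    (positive skewness), drop apps more than k standard deviations above
    the mean. k = 1.5 is an illustrative choice, not the paper's."""
    counts = {name: len(perms) for name, perms in apps.items()}
    if skewness(counts.values()) <= 0:
        return dict(apps)
    n = len(counts)
    mean = sum(counts.values()) / n
    std = math.sqrt(sum((c - mean) ** 2 for c in counts.values()) / n)
    limit = mean + k * std
    return {name: perms for name, perms in apps.items() if counts[name] <= limit}


def permission_rates(apps: PermissionSets) -> Dict[str, float]:
    """Fraction of apps in the set that request each permission."""
    n = len(apps)
    counts: Dict[str, int] = {}
    for perms in apps.values():
        for p in perms:
            counts[p] = counts.get(p, 0) + 1
    return {p: c / n for p, c in counts.items()}


def core_permissions(apps: PermissionSets) -> Set[str]:
    """Phase 2: if permission usage across the filtered category is
    right-skewed (a few permissions used by most apps, a long tail used by
    few), keep only permissions at or above the mean usage rate."""
    rates = permission_rates(apps)
    if skewness(rates.values()) <= 0:
        return set(rates)
    mean = sum(rates.values()) / len(rates)
    return {p for p, r in rates.items() if r >= mean}


def risk_scores(malicious: PermissionSets, popular: PermissionSets) -> List[Tuple[str, float]]:
    """Score a permission by how much more often malicious apps request it
    than popular apps do; descending, ties broken by name."""
    mal, pop = permission_rates(malicious), permission_rates(popular)
    scored = [(p, mal.get(p, 0.0) - pop.get(p, 0.0)) for p in set(mal) | set(pop)]
    return sorted(scored, key=lambda t: (-t[1], t[0]))


def evaluate_app(requested: Set[str], core: Set[str],
                 scores: List[Tuple[str, float]], threshold: float = 0.5) -> Tuple[Set[str], Set[str]]:
    """Return (unexpected, high_risk): requested permissions outside the
    category core, and requested permissions whose score reaches threshold."""
    risky = {p for p, s in scores if s >= threshold}
    return requested - core, requested & risky


if __name__ == "__main__":
    kept = filter_abnormal_apps(POPULAR_APPS)
    core = core_permissions(kept)
    scores = risk_scores(MALICIOUS_APPS, POPULAR_APPS)
    print("skewness of permission counts:",
          round(skewness(len(p) for p in POPULAR_APPS.values()), 3))
    print("apps removed in phase 1:", sorted(set(POPULAR_APPS) - set(kept)))
    print("category core permissions:", sorted(core))
    print("top risk permissions:", scores[:3])
    unexpected, high_risk = evaluate_app(POPULAR_APPS["torch_f"], core, scores)
    print("torch_f unexpected:", sorted(unexpected), "high risk:", sorted(high_risk))
```

On the toy data the permission-count distribution is right-skewed because of `torch_f`, so phase 1 removes it; phase 2 then keeps `CAMERA` and `INTERNET` as the category core, and the malicious-versus-popular contrast ranks `SEND_SMS` highest, so `torch_f` ends up with six unexpected permissions, one of which is high risk. Thresholds and the skewness rule are deliberately simple; a real deployment would tune them per category and on far larger samples.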

Metadata
Title
A Skewness-Based Framework for Mobile App Permission Recommendation and Risk Evaluation
Authors
Keman Huang
Jinjing Han
Shizhan Chen
Zhiyong Feng
Copyright year
2016
DOI
https://doi.org/10.1007/978-3-319-46295-0_16