Quantitative Security Risk Assessment of Android Permissions and Applications

Abstract : The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissions-based model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims to improve the efficiency of Android permission system. Two data sets with 27,274 benign apps from Google Play and 1,260 Android malware samples were used to evaluate the effectiveness of DroidRisk. The results demonstrate that DroidRisk can generate more reliable risk signal for warning the potential malicious activities compared with existing methods. We show that DroidRisk can also be used to alleviate the overprivilege problem and improve the user attention to the risks of Android permissions and apps.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-01490707
Contributor : Hal Ifip <>
Submitted on : Wednesday, March 15, 2017 - 5:15:44 PM
Last modification on : Thursday, March 16, 2017 - 9:24:25 AM
Long-term archiving on : Friday, June 16, 2017 - 3:10:53 PM

File

978-3-642-39256-6_15_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Yang Wang, Jun Zheng, Chen Sun, Srinivas Mukkamala. Quantitative Security Risk Assessment of Android Permissions and Applications. 27th Data and Applications Security and Privacy (DBSec), Jul 2013, Newark, NJ, United States. pp.226-241, ⟨10.1007/978-3-642-39256-6_15⟩. ⟨hal-01490707⟩

Share

Metrics

Record views

140

Files downloads

3683