Quantitative Security Risk Assessment of Android Permissions and Applications

Abstract: The rapid growth of the Android platform in recent years has attracted the attention of malware developers. However, the permission-based model that Android uses to prevent the spread of malware has been shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps), based on the permission request patterns of benign apps and malware, which aims to improve the efficiency of the Android permission system. Two data sets, with 27,274 benign apps from Google Play and 1,260 Android malware samples, were used to evaluate the effectiveness of DroidRisk. The results demonstrate that DroidRisk can generate a more reliable risk signal for warning of potential malicious activities than existing methods. We show that DroidRisk can also be used to alleviate the overprivilege problem and to improve user attention to the risks of Android permissions and apps.
Document type: Conference paper
Lingyu Wang; Basit Shafiq. 27th Data and Applications Security and Privacy (DBSec), Jul 2013, Newark, NJ, United States. Springer, Lecture Notes in Computer Science, LNCS-7964, pp.226-241, 2013, Data and Applications Security and Privacy XXVII. 〈10.1007/978-3-642-39256-6_15〉

https://hal.inria.fr/hal-01490707
Contributor: Hal Ifip
Submitted on: Wednesday, March 15, 2017 - 17:15:44
Last modified on: Thursday, March 16, 2017 - 09:24:25
Document(s) archived on: Friday, June 16, 2017 - 15:10:53

File

978-3-642-39256-6_15_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Yang Wang, Jun Zheng, Chen Sun, Srinivas Mukkamala. Quantitative Security Risk Assessment of Android Permissions and Applications. Lingyu Wang; Basit Shafiq. 27th Data and Applications Security and Privacy (DBSec), Jul 2013, Newark, NJ, United States. Springer, Lecture Notes in Computer Science, LNCS-7964, pp.226-241, 2013, Data and Applications Security and Privacy XXVII. 〈10.1007/978-3-642-39256-6_15〉. 〈hal-01490707〉

Metrics

Record views: 70

File downloads: 1075