research-article

Using probabilistic generative models for ranking risks of Android apps

Authors:

Rahul Potharaju,

Cristina Nita-Rotaru,

Ian MolloyAuthors Info & Claims

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

Pages 241 - 252

https://doi.org/10.1145/2382196.2382224

Published: 16 October 2012 Publication History

Abstract

One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a "tand-alone" ashion and in a way that requires too much technical knowledge and time to distill useful information.

We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic general models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.

References

[1]

Andromo. http://andromo.com.

[2]

Appsgeyser. http://appsgeyser.com.

[3]

Google Bouncer. http://goo.gl/QnC6G.

[4]

N. Amor, S. Benferhat, and Z. Elouedi. Naive bayes vs decision trees in intrusion detection systems. In Proceedings of the 2004 ACM symposium on Applied computing, pages 420--424. ACM, 2004.

Digital Library

[5]

K. Au, Y. Zhou, Z. Huang, P. Gill, and D. Lie. Short paper: a look at smartphone permission models. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pages 63--68. ACM, 2011.

Digital Library

[6]

D. Barrera, H. Kayacik, P. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM conference on Computer and communications security, pages 73--84. ACM, 2010.

Digital Library

[7]

C. M. Bishop. Pattern Recognition and Machine Learning (Information Science and Statistics). Springer, 2007.

Digital Library

[8]

D. Blei, A. Ng, and M. Jordan. Latent dirichlet allocation. J. Mach. Learning Research, 3, 2003.

Digital Library

[9]

W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, pages 1--6. USENIX Association, 2010.

Digital Library

[10]

W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A study of Android application security. In Proceedings of the 20th USENIX conference on Security, SEC'11, pages 21--21, Berkeley, CA, USA, 2011. USENIX Association.

Digital Library

[11]

W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pages 235--245, New York, NY, USA, 2009. ACM.

Digital Library

[12]

B. Fathi. Engineering windows 7 : User account control, October 2008. MSDN blog on User Account Control.

[13]

A. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security, pages 627--638. ACM, 2011.

Digital Library

[14]

A. Felt, K. Greenwood, and D. Wagner. The effectiveness of application permissions. In Proc. of the USENIX Conference on Web Application Development, 2011.

Digital Library

[15]

A. P. Felt, K. Greenwood, and D. Wagner. The effectiveness of install-time permission systems for third-party applications. Technical Report UCB/EECS-2010-143, EECS Department, University of California, Berkeley, Dec 2010.

[16]

J. Goodman and W. Yih. Online discriminative spam filter training. In Proceedings of the Third Conference on Email and Anti-Spam (CEAS), 2006.

[17]

W. A. Magat, W. K. Viscusi, and J. Huber. Consumer processing of hazard warning information. Journal of Risk and Uncertainty, 1(2):201--32, June 1988.

[18]

V. Metsis, I. Androutsopoulos, and G. Paliouras. Spam filtering with naive bayes-which naive bayes. In Third conference on email and anti-spam (CEAS), volume 17, pages 28--69, 2006.

[19]

S. Motiee, K. Hawkey, and K. Beznosov. Do windows users follow the principle of least privilege?: investigating user account control practices. In Proceedings of the Sixth Symposium on Usable Privacy and Security. ACM, 2010.

Digital Library

[20]

M. Nauman, S. Khan, and X. Zhang. Apex: Extending android permission model and enforcement with user-defined runtime constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pages 328--332. ACM, 2010.

Digital Library

[21]

M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in android. In Computer Security Applications Conference, 2009. ACSAC'09. Annual, pages 340--349. Ieee, 2009.

Digital Library

[22]

G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid android: versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference, pages 347--356. ACM, 2010.

Digital Library

[23]

R. Potharaju, A. Newell, C. Nita-Rotaru, and X. Zhang. Plagiarizing smartphone applications: Attack strategies and defense. In Engineering Secure Software and Systems. Springer, 2012.

Digital Library

[24]

B. Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, and I. Molloy. Android permissions: A perspective combining risks and benefits. In SACMAT '12: Proceedings of the seventeenth ACM symposium on Access control models and technologies. ACM, 2012.

Digital Library

[25]

K. Schneider. A comparison of event models for naive bayes anti-spam e-mail filtering. In Proceedings of the tenth conference on European chapter of the Association for Computational Linguistics-Volume 1, pages 307--314. Association for Computational Linguistics, 2003.

Digital Library

[26]

A. Sebyala, T. Olukemi, and L. Sacks. Active platform security through intrusion detection using naive bayesian network for anomaly detection. In London Communications Symposium. Citeseer, 2002.

[27]

A. Shabtai and Y. Elovici. Applying behavioral detection on android-based devices. Mobile Wireless Middleware, Operating Systems, and Applications, pages 235--249, 2010.

[28]

Y. Song, A. KoBcz, and C. L. Giles. Better naive bayes classification for high-precision spam detection. In Software Practice and Experience, 2009.

Digital Library

[29]

D. W. Stewart and I. M. Martin. Intended and unintended consequences of warning messages: A review and synthesis of empirical research. Journal of Public Policy Marketing, 13(1):1--19, 1994.

[30]

T. Vidas, N. Christin, and L. Cranor. Curbing android permission creep. In Proceedings of the Web, volume 2, 2011.

[31]

Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012.

Digital Library

Cited By

Deypir MZoughi T(2025)Robust security risk estimation for android apps using nearest neighbor approach and hamming distanceSoft Computing10.1007/s00500-025-10489-z29:2(593-611)Online publication date: 10-Feb-2025
https://doi.org/10.1007/s00500-025-10489-z
Syed TNauman MKhan SJan SZuhairi M(2024)ViTDroid: Vision Transformers for Efficient, Explainable Attention to Malicious Behavior in Android BinariesSensors10.3390/s2420669024:20(6690)Online publication date: 17-Oct-2024
https://doi.org/10.3390/s24206690
TÜFEKCİ PÖNAL Ç(2024)Kötü Amaçlı Yazılım Tespiti için Makine Öğrenmesi Algoritmalarının KullanımıUsing Machine Learning Algorithms for Malware DetectionDüzce Üniversitesi Bilim ve Teknoloji Dergisi10.29130/dubited.128745312:1(307-319)Online publication date: 26-Jan-2024
https://doi.org/10.29130/dubited.1287453
Show More Cited By

Index Terms

Using probabilistic generative models for ranking risks of Android apps
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Operating systems security

Recommendations

Using probabilistic generative models for ranking risks of android apps
CERIAS '13: Proceedings of the 14th Annual Information Security Symposium

One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This ...
Why are Android apps removed from Google Play?: a large-scale empirical study
MSR '18: Proceedings of the 15th International Conference on Mining Software Repositories

To ensure the quality and trustworthiness of the apps within its app market (i.e., Google Play), Google has released a series of policies to regulate app developers. As a result, policy-violating apps (e.g., malware, low-quality apps, etc.) have been ...
Towards Discovering and Understanding Unexpected Hazards in Tailoring Antivirus Software for Android
ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

In its latest comparison of Android Virus Detectors (AVDs), the independent lab AV-TEST reports that they have around 95% malware detection rate. This only indicates that current AVDs on Android have good malware signature databases. When the AVDs are ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

October 2012

1088 pages

ISBN:9781450316514

DOI:10.1145/2382196

General Chair:
Ting Yu
North Carolina State University, USA
,
Program Chairs:
George Danezis
Microsoft Research Cambridge, UK
,
Virgil Gligor
Carnegie Mellon University, USA

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 October 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'12

Sponsor:

SIGSAC

CCS'12: the ACM Conference on Computer and Communications Security

October 16 - 18, 2012

North Carolina, Raleigh, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

255
Total Citations
View Citations
1,958
Total Downloads

Downloads (Last 12 months)49
Downloads (Last 6 weeks)13

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Deypir MZoughi T(2025)Robust security risk estimation for android apps using nearest neighbor approach and hamming distanceSoft Computing10.1007/s00500-025-10489-z29:2(593-611)Online publication date: 10-Feb-2025
https://doi.org/10.1007/s00500-025-10489-z
Syed TNauman MKhan SJan SZuhairi M(2024)ViTDroid: Vision Transformers for Efficient, Explainable Attention to Malicious Behavior in Android BinariesSensors10.3390/s2420669024:20(6690)Online publication date: 17-Oct-2024
https://doi.org/10.3390/s24206690
TÜFEKCİ PÖNAL Ç(2024)Kötü Amaçlı Yazılım Tespiti için Makine Öğrenmesi Algoritmalarının KullanımıUsing Machine Learning Algorithms for Malware DetectionDüzce Üniversitesi Bilim ve Teknoloji Dergisi10.29130/dubited.128745312:1(307-319)Online publication date: 26-Jan-2024
https://doi.org/10.29130/dubited.1287453
Zheng JLiu JZhang AZeng JYang ZLiang ZChua TFilkov VRay BZhou M(2024)MaskDroid: Robust Android Malware Detection with Masked Graph RepresentationsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695008(331-343)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695008
Zhao HWu YZou DJin H(2024)An Empirical Study on Android Malware Characterization by Social Network AnalysisIEEE Transactions on Reliability10.1109/TR.2023.330438973:1(757-770)Online publication date: Mar-2024
https://doi.org/10.1109/TR.2023.3304389
Makkawy SAlblwi ADe Lucia MBarner K(2024)Improving Android Malware Detection with Entropy Bytecode-to-Image Encoding Framework2024 33rd International Conference on Computer Communications and Networks (ICCCN)10.1109/ICCCN61486.2024.10637591(1-9)Online publication date: 29-Jul-2024
https://doi.org/10.1109/ICCCN61486.2024.10637591
Ubale GGhante PFulsundar ADivate SDalvi VGangurde J(2024)TrojanDroid: Leveraging Machine Learning for Robust Android Malware Detection2024 International Conference on Artificial Intelligence and Quantum Computation-Based Sensor Application (ICAIQSA)10.1109/ICAIQSA64000.2024.10882428(1-6)Online publication date: 20-Dec-2024
https://doi.org/10.1109/ICAIQSA64000.2024.10882428
Al-Kahla WTaqieddin EShatnawi AAl-Ouran R(2024)Malware Detection and Classification in Android Application Using Simhash-Based Feature Extraction and Machine LearningIEEE Access10.1109/ACCESS.2024.350127712(174255-174273)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3501277
Sharma YArora A(2024)IPAnalyzer: A novel Android malware detection system using ranked Intents and PermissionsMultimedia Tools and Applications10.1007/s11042-024-18511-683:33(78957-79008)Online publication date: 1-Mar-2024
https://doi.org/10.1007/s11042-024-18511-6
Sharma YArora A(2024)A comprehensive review on permissions-based Android malware detectionInternational Journal of Information Security10.1007/s10207-024-00822-223:3(1877-1912)Online publication date: 4-Mar-2024
https://doi.org/10.1007/s10207-024-00822-2
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten