DOI: 10.1145/2382196.2382224
research-article

Using probabilistic generative models for ranking risks of Android apps

Published: 16 October 2012

Abstract

One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective, as it presents the risk information of each app in a "stand-alone" fashion and in a way that requires too much technical knowledge and time to distill useful information.
We introduce the notion of risk scoring and risk ranking for Android apps to improve risk communication, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes to advanced hierarchical mixture models. Experiments conducted using real-world datasets show that probabilistic generative models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.
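To make the Naive Bayes scoring idea concrete, the following added sketch (not code from the paper or its authors) fits a Bernoulli Naive Bayes model to a small constructed corpus of permission sets and ranks apps by how unlikely their permission vector is under that model. The negative log-likelihood score, the Laplace smoothing, the 0.5 cap on each probability and the sample apps are all assumptions of this example.

```python
import math

# Constructed sample corpus: each app is the set of permissions it requests.
CORPUS = [
    {"INTERNET"},
    {"INTERNET", "ACCESS_NETWORK_STATE"},
    {"INTERNET", "ACCESS_NETWORK_STATE"},
    {"INTERNET", "WRITE_EXTERNAL_STORAGE"},
    {"INTERNET", "ACCESS_NETWORK_STATE", "READ_PHONE_STATE"},
    {"ACCESS_NETWORK_STATE"},
    {"INTERNET", "ACCESS_FINE_LOCATION"},
    {"INTERNET", "SEND_SMS", "READ_CONTACTS"},
]

def fit(corpus, alpha=1.0, cap=0.5):
    """Return (theta, rare): smoothed P(permission requested), and the
    probability assigned to a permission never seen in the corpus."""
    n = len(corpus)
    theta = {}
    for perm in sorted(set().union(*corpus)):
        count = sum(perm in app for app in corpus)
        # Assumption of this sketch: cap theta at 0.5 so that adding a
        # permission can never lower the score.
        theta[perm] = min((count + alpha) / (n + 2 * alpha), cap)
    return theta, alpha / (n + 2 * alpha)

def risk_score(app, theta, rare):
    """Negative log-likelihood of the app's permission vector."""
    score = 0.0
    for perm, t in theta.items():
        score -= math.log(t if perm in app else 1.0 - t)
    for _ in set(app).difference(theta):  # permissions unseen in training
        score -= math.log(rare)
    return score

def rank(apps, theta, rare):
    """App names ordered from highest to lowest risk score."""
    return sorted(apps, key=lambda a: risk_score(apps[a], theta, rare),
                  reverse=True)

if __name__ == "__main__":
    theta, rare = fit(CORPUS)
    apps = {"flashlight": {"INTERNET"},                    # constructed
            "weather": {"INTERNET", "ACCESS_FINE_LOCATION"},
            "sms_game": {"INTERNET", "SEND_SMS", "READ_CONTACTS"}}
    for name in rank(apps, theta, rare):
        print(f"{name:12s} {risk_score(apps[name], theta, rare):.3f}")
```

Because the score depends only on how common each permission is in the reference population, it gives a relative ranking against comparable apps rather than a verdict on any single app.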




      Published In

      CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security
      October 2012
      1088 pages
      ISBN:9781450316514
      DOI:10.1145/2382196

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. data mining
      2. malware
      3. mobile
      4. risk

      Qualifiers

      • Research-article

      Conference

      CCS'12
      Sponsor:
      CCS'12: the ACM Conference on Computer and Communications Security
      October 16 - 18, 2012
      North Carolina, Raleigh, USA

      Acceptance Rates

      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

