Generating summary risk scores for mobile applications

IEEE Transactions on Dependable and Secure Computing

Volumn 11, Issue 3, 2014, Pages 238-251

  Gates, Christopher S ^a   Li, Ninghui ^a   Peng, Hao ^a   Sarma, Bhaskar ^a   Qi, Yuan ^a   Potharaju, Rahul ^a   Nita Rotaru, Cristina ^a   Molloy, Ian ^b  

^a Purdue University   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Data mining; Malware; Mobile; Risk

Indexed keywords

ANDROID (OPERATING SYSTEM); DATA MINING; LEARNING SYSTEMS; MALWARE; RISKS;

DEFENSE MECHANISM; MACHINE LEARNING TECHNIQUES; MOBILE; MOBILE APPLICATIONS; RELATIVE RISKS; RISK COMMUNICATION; RISK INFORMATION; STAND -ALONE;

MOBILE SECURITY;

EID: 84903997802     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2014.2302293     Document Type: Article

References (36)

1. Google Bouncer. http://goo.gl/QnC6G 2014.
2. N. Amor, S. Benferhat, and Z. Elouedi, "Naive Bayes versus Decision Trees in Intrusion Detection Systems," Proc. ACM Symp. Applied Computing, pp. 420-424, 2004.
3. K.W.Y. Au, Y.F. Zhou, Z. Huang, and D. Lie, "PScout: Analyzing the Android Permission Specification," Proc. ACM Conf. Computer and Comm. Security (CCS '12), pp. 217-228, 2012.
4. D. Barrera, H.G. Kayacik, P.C. van Oorschot, and A. Somayaji, "A Methodology for Empirical Analysis of Permission-Based Security Models and Its Application to Android," Proc. 17th ACM Conf. Computer and Comm. Security, pp. 73-84, 2010.
5. C.M. Bishop, Pattern Recognition and Machine Learning (Information Science and Statistics). Springer, 2007.
6. D.M. Blei, A.Y. Ng, and M.I. Jordan, "Latent Dirichlet Allocation," J. Machine Learning Research, vol. 3, pp. 993-1022, 2003.
7. S. Chakradeo, B. Reaves, P. Traynor, and W. Enck, "MAST: Triage for Market-Scale Mobile Malware Analysis," Proc. Sixth ACM Conf. Security and Privacy in Wireless and Mobile Networks (WISEC '13), pp. 13-24, 2013.
8. E. Chin, A.P. Felt, V. Sekar, and D. Wagner, "Measuring User Confidence in Smartphone Security and Privacy," Proc. Eighth Symp. Usable Privacy and Security, (SOUPS '12), article 1, 2012.
9. W. Enck, P. Gilbert, B. Chun, L.P. Cox, J. Jung, P. McDaniel, and A.N Sheth, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones," Proc. Ninth USENIX Conf. Operating Systems Design and Implementation, article 1-6, 2010.
10. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, "A Study of Android Application Security," Proc. 20th USENIX Conf. Security, (SEC '11), pp. 21-21, 2011.
11. W. Enck, M. Ongtang, and P. McDaniel, "On Lightweight Mobile Phone Application Certification," Proc. 16th ACM Conf. Computer and Comm. Security, (CCS '09), pp. 235-245, 2009.
12. A.P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android Permissions Demystified," Proc. 18th ACM Conf. Computer and Comm. Security, pp. 627-638, 2011.
13. A.P. Felt, K. Greenwood, and D. Wagner, "The Effectiveness of Application Permissions," Proc. Second USENIX Conf. Web Application Development, 2011.
14. A.P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android Permissions Demystified," Proc. 18th ACM Conf. Computer and Comm. Security, (CCS '11), pp. 627-638, 2011.
15. A.P. Felt, K. Greenwood, and D. Wagner, "The Effectiveness of Install-Time Permission Systems for Third-Party Applications," Technical Report UCB/EECS-2010-143, EECS Department, Univ. of California, Berkeley, Dec. 2010.
16. A.P. Felt, K. Greenwood, and D. Wagner, "The Effectiveness of Application Permissions," Proc. Second USENIX Conf. Web Application Development, (WebApps '11), 2011.
17. A.P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner, "Android Permissions: User Attention, Comprehension, and Behavior," Proc. Eighth Symp. Usable Privacy and Security, article 3, 2012.
18. J. Goodman and W. Yih, "Online Discriminative Spam Filter Training," Proc. Third Conf. Email and Anti-Spam (CEAS '06), 2006.
19. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "RiskRanker: Scalable and Accurate Zero-Day Android Malware Detection," Proc. 10th Int'l Conf. Mobile Systems, Applications, and Services, (MobiSys '12), pp. 281-294, 2012.
20. P.G. Kelley, S. Consolvo, L.F. Cranor, J. Jung, N. Sadeh, and D. Wetherall, "A Conundrum of Permissions: Installing Applications on an Android Smartphone," Proc. Workshop Usable Security (USEC '12), Feb. 2012.
21. W.A. Magat, W.K. Viscusi, and J. Huber, "Consumer Processing of Hazard Warning Information," J. Risk and Uncertainty, vol. 1, no. 2, pp. 201-32, June 1988.
22. V. Metsis, I. Androutsopoulos, and G. Paliouras, "Spam Filtering with Naive Bayes-Which Naive Bayes," Proc. Third Conf. Email and Anti-Spam (CEAS '06), vol. 17, pp. 28-69, 2006.
23. M. Nauman, S. Khan, and X. Zhang, "Apex: Extending Android Permission Model and Enforcement with User-Defined Runtime Constraints," Proc. Fifth ACM Symp. Information, Computer and Comm. Security, pp. 328-332, 2010.
24. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, "Semantically Rich Application-Centric Security in Android," Proc. IEEE Ann. Conf. Computer Security Applications (ACSAC '09), pp. 340-349, 2009.
25. H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy, "Using Probabilistic Generative Models for Ranking Risks of Android Apps," Proc. Conf. Computer and Comm. Security, (CCS '12), pp. 241-252, 2012.
26. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, "Paranoid Android: Versatile Protection for Smartphones," Proc. 26th Ann. Conf. Computer Security Applications, pp. 347-356, 2010.
27. R. Potharaju, A. Newell, C. Nita-Rotaru, and X. Zhang, "Plagiarizing Smartphone Applications: Attack Strategies and Defense," Proc. Fourth Int'l Conf. Eng. Secure Software and Systems, pp. 106-120, 2012.
28. B.P. Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, and I. Molloy, "Android Permissions: A Perspective Combining Risks and Benefits," Proc. 17th ACM Symp. Access Control Models and Technologies (SACMAT '12), 2012.
29. K. Schneider, "A Comparison of Event Models for Naive Bayes Anti-Spam E-Mail Filtering," Proc. 10th Conf. European Chapter of the Assoc. for Computational Linguistics, vol. 1, pp. 307-314, 2003.
30. A. Sebyala, T. Olukemi, and L. Sacks, "Active Platform Security through Intrusion Detection Using Naive Bayesian Network for Anomaly Detection," Proc. London Comm. Symp., 2002.
31. A. Shabtai and Y. Elovici, "Applying Behavioral Detection on Android-Based Devices," Proc. Mobile Wireless Middleware, Operating Systems, and Applications, pp. 235-249, 2010.
32. Y. Song, A. Kocz, and C.L. Giles, "Better Naive Bayes Classication for High-Precision Spam Detection," Software Practice and Experience, vol. 39, no. 11, pp. 1003-1024, 2009.
33. R. Stevens, C. Gibler, J. Crussell, J. Erickson, and H. Chen, "Investigating User Privacy in Android Ad Libraries," Proc. IEEE Mobile Security Technologies (MoST '12), 2012.
34. D.W. Stewart and I.M. Martin, "Intended and Unintended Consequences of Warning Messages: A Review and Synthesis of Empirical Research," J. Public Policy & Marketing, vol. 13, no. 1, pp. 1-19, 1994.
35. T. Vidas, N. Christin, and L.F. Cranor, "Curbing Android Permission Creep," Proc. Workshop Web 2.0 Security and Privacy, vol. 2, 2011.
36. Y. Zhou and X. Jiang, "Dissecting Android Malware: Characterization and Evolution," Proc. 33rd IEEE Symp. Security and Privacy, May 2012.