An Empirical Analysis of Contemporary Android Mobile Vulnerability Market

Proceedings - 2015 IEEE 3rd International Conference on Mobile Services, MS 2015

Volumn , Issue , 2015, Pages 182-189

  Huang, Keman ^a   Zhang, Jia ^b   Tan, Wei ^c   Feng, Zhiyong ^a  

^a TIANJIN UNIVERSITY   (China)

^b CARNEGIE MELLON UNIVERSITY   (United States)

^c IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Android Mobile Vulnerability Market; Evolving Pattern; Heterogeneous Network; Patching Behavior; Vulnerability life cycle

Indexed keywords

ANDROID (OPERATING SYSTEM); COMMERCE; ECOLOGY; ECOSYSTEMS; HETEROGENEOUS NETWORKS; LOSSES; MOBILE TELECOMMUNICATION SYSTEMS;

EMPIRICAL ANALYSIS; EMPIRICAL STUDIES; EVOLUTION PROCESS; EVOLVING PATTERNS; PATCHING BEHAVIOR; SECURITY SITUATION; SOFTWARE PRODUCTS; VULNERABILITY LIFE CYCLE;

NETWORK SECURITY;

EID: 84954189434     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/MobServ.2015.34     Document Type: Conference Paper

References (17)

1. A. Ghose and S. P. Han, "Estimating demand for mobile applications in the new economy," Management science: journal of the Institute for operations research and the management sciences, vol. 60, pp. 1470-1488, 2014.
2. M. Shahzad, M. Z. Shafiq and A. X. Liu, "A large scale exploratory analysis of software vulnerability life cycles," in Proceedings of the 34th International Conference on Software Engineering, Zurich, Switzerland, 2012, pp. 771-781.
3. S. Ransbotham, S. Mitra and J. Ramsey, "Are markets for vulnerabilities effective" MIS Quarterly, vol. 36, pp. 43-64, 2012.
4. A. Algarni and Y. Malaiya, "Software vulnerability markets: Discoverers and buyers," International Journal of Computer, Information Science and Engineering, vol. 8, pp. 71-81, 2014.
5. R. Anderson and T. Moore, "The economics of information security," Science, vol. 314, pp. 610-613, 2006.
6. A. Arora, R. Krishnan, R. Telang, and Y. Yang, "An empirical analysis of software vendors' patch release behavior: impact of vulnerability disclosure," Information Systems Research, vol. 21, pp. 115-132, 2010.
7. T. Dumitras, "Before we knew it: an empirical study of zero-day attacks in the real world," in Proc. of the 2012 ACM conf. on Computer and communications security, pp. 833-844, 2012.
8. T. August and M. F. Niculescu, "The Influence of Software Process Maturity and Customer Error Reporting on Software Release and Pricing," Management Science, vol. 59, pp. 2702-2726, 2013.
9. Y.S. Baker, R. Agrawal and S. Bhattacharya, "Analyzing security threats as reported by the United States Computer Emergency Readiness Team (US-CERT)," in Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on, Seattle, WA, 2013, pp. 10-12.
10. Y. Wu, H. Siy and R. Gandhi, "Empirical results on the study of software vulnerabilities (NIER track)," in Proceedings of the 33rd International Conference on Software Engineering, Waikiki, Honolulu, HI, USA, 2011, pp. 964-967.
11. A. S. Yuksel, A. H. Zaim and M. A. Aydin, "A Comprehensive Analysis of Android Security and Proposed Solutions," International Journal of Computer Network and Information Security, vol. 6, pp. 9-20, 2014.
12. M. E. Smoot, K. Ono, J. Ruscheinski, P. L. Wang, and T. Ideker, "Cytoscape 2.8: new features for data integration and network visualization," Bioinformatics, vol. 27, pp. 431-2, 2011-02-01 2011.
13. K. Huang, Z. Feng, J. Li, and X. Li, "System thinking of the Software Vulnerability Market via Complex Network Theory," in 36th IEEE Symposium on Security and Privacy FAIRMONT, SAN JOSE, CA, 2015.
14. I. J. Mojica, B. Adams, M. Nagappan, S. Dienst, T. Berger, and A. E. Hassan, "A large-scale empirical study on software reuse in mobile apps," Software, IEEE, vol. 31, pp. 78-86, 2014.
15. M. Bozorgi, L. K. Saul, S. Savage, and G. M. Voelker, "Beyond heuristics: learning to classify vulnerabilities and predict exploits," in Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining, Washington, DC, USA, 2010, pp. 105-114.
16. S. Frei, M. May, U. Fiedler, and B. Plattner, "Large-scale vulnerability analysis," in Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, Pisa, Italy, 2006, pp. 131-138.
17. R. Telang and S. Wattal, "An empirical analysis of the impact of software vulnerability announcements on firm stock price," Software Engineering, IEEE Transactions on, vol. 33, pp. 544-557, 2007.