Generating Summary Risk Scores for Mobile Applications

Author

Gates, Christopher S. ; Ninghui Li ; Hao Peng ; Sarma, Bhaskaryjoti ; Yuan Qi ; Potharaju, Rahul ; Nita-Rotaru, Cristina ; Molloy, Ian

Author_Institution

Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA

Volume

11

Issue

3

fYear

2014

fDate

May-June 2014

Firstpage

238

Lastpage

251

Abstract

One of Android´s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information. We discuss the desired properties of risk signals and relative risk scores for Android apps in order to generate another metric that users can utilize when choosing apps. We present a wide range of techniques to generate both risk signals and risk scores that are based on heuristics as well as principled machine learning techniques. Experimental results conducted using real-world data sets show that these methods can effectively identify malware as very risky, are simple to understand, and easy to use.

Keywords

learning (artificial intelligence); mobile computing; risk management; smart phones; Android apps; machine learning techniques; malicious apps; mobile applications; risk communication mechanism; risk signal property; summary risk score generation; Androids; Biological system modeling; Computational modeling; Google; Humanoid robots; Malware; Smart phones; Risk; data mining; malware; mobile;

fLanguage

English

Journal_Title

Dependable and Secure Computing, IEEE Transactions on

Publisher

ieee

ISSN

1545-5971

Type

jour

DOI

10.1109/TDSC.2014.2302293

Filename

6720107