Title :
Generating Summary Risk Scores for Mobile Applications
Author :
Gates, Christopher S. ; Ninghui Li ; Hao Peng ; Sarma, Bhaskaryjoti ; Yuan Qi ; Potharaju, Rahul ; Nita-Rotaru, Cristina ; Molloy, Ian
Author_Institution :
Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
Abstract :
One of Android´s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information. We discuss the desired properties of risk signals and relative risk scores for Android apps in order to generate another metric that users can utilize when choosing apps. We present a wide range of techniques to generate both risk signals and risk scores that are based on heuristics as well as principled machine learning techniques. Experimental results conducted using real-world data sets show that these methods can effectively identify malware as very risky, are simple to understand, and easy to use.
Keywords :
learning (artificial intelligence); mobile computing; risk management; smart phones; Android apps; machine learning techniques; malicious apps; mobile applications; risk communication mechanism; risk signal property; summary risk score generation; Androids; Biological system modeling; Computational modeling; Google; Humanoid robots; Malware; Smart phones; Risk; data mining; malware; mobile;
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2014.2302293
