Using probabilistic generative models for ranking risks of Android apps

Authors:
Hao Peng;Chris Gates;Bhaskar Sarma;Ninghui Li;Yuan Qi;Rahul Potharaju;Cristina Nita-Rotaru;Ian Molloy
Affiliations:
Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;IBM Research, Hawthorne, NY, USA
Venue:
Proceedings of the 2012 ACM conference on Computer and communications security
Year:
2012

Citing 19
Cited 9

Latent dirichlet allocation

The Journal of Machine Learning Research
Naive Bayes vs decision trees in intrusion detection systems

Proceedings of the 2004 ACM symposium on Applied computing
A comparison of event models for Naive Bayes anti-spam e-mail filtering

EACL '03 Proceedings of the tenth conference on European chapter of the Association for Computational Linguistics - Volume 1
Pattern Recognition and Machine Learning (Information Science and Statistics)

Pattern Recognition and Machine Learning (Information Science and Statistics)
Better Naive Bayes classification for high-precision spam detection

Software—Practice & Experience
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Do windows users follow the principle of least privilege?: investigating user account control practices

Proceedings of the Sixth Symposium on Usable Privacy and Security
A methodology for empirical analysis of permission-based security models and its application to android

Proceedings of the 17th ACM conference on Computer and communications security
Paranoid Android: versatile protection for smartphones

Proceedings of the 26th Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
The effectiveness of application permissions

WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
A study of android application security

SEC'11 Proceedings of the 20th USENIX conference on Security
Short paper: a look at smartphone permission models

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Android permissions demystified

Proceedings of the 18th ACM conference on Computer and communications security
Plagiarizing smartphone applications: attack strategies and defense techniques

ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Android permissions: a perspective combining risks and benefits

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Dissecting Android Malware: Characterization and Evolution

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy

MAST: triage for market-scale mobile malware analysis

Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
DroidChameleon: evaluating Android anti-malware against transformation attacks

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Vetting undesirable behaviors in android apps with permission use analysis

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
The impact of vendor customizations on android security

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Structural detection of android malware using embedded call graphs

Proceedings of the 2013 ACM workshop on Artificial intelligence and security
FireDroid: hardening security in almost-stock Android

Proceedings of the 29th Annual Computer Security Applications Conference
WHYPER: towards automating risk assessment of mobile applications

SEC'13 Proceedings of the 22nd USENIX conference on Security
RiskMon: continuous and automated risk assessment of mobile applications

Proceedings of the 4th ACM conference on Data and application security and privacy
Dendroid: A text mining approach to analyzing and classifying code structures in Android malware families

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a "tand-alone" ashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic general models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.