The boom of the Android platform in recent years has attracted the attention of malware developers. However, the permission-based model used in the Android system to prevent the spread of malware has been shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims to improve the efficiency of the Android permission system. Two data sets with 27,274 benign apps from Google Play and 1,260 Android malware samples were used to evaluate the effectiveness of DroidRisk. The results demonstrate that DroidRisk can generate a more reliable risk signal for warning of potential malicious activities compared with existing methods. We show that DroidRisk can also be used to alleviate the overprivilege problem and improve user attention to the risks of Android permissions and apps.