JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE)
Computer Technology, Electronic Communications Technologies     
Permission-based Android application security evaluation method
LI Xiao-dong, ZHU Yue-fei, LIU Sheng-li, XIAO Rui-qing
State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China

Abstract  
A permission-based application security evaluation method was proposed to detect Android malware and quantify application security risk for large-scale samples. A data mining algorithm was designed to discover permission itemsets as evaluation indices according to their support and divisive value. An improved precedence chart was used to determine the index weights, which were embedded into an evaluation matrix. Android applications were evaluated based on the evaluation matrix; malware was detected by logistic regression; security risk was expressed as a quantitative evaluation value. Experiments with real sample applications show that this method achieves high accuracy on malware detection, up to 92.7%, and a lower time cost than current methods.


Published: 01 March 2017
CLC:  TP 393  
Cite this article:

LI Xiao-dong, ZHU Yue-fei, LIU Sheng-li, XIAO Rui-qing. Permission-based Android application security evaluation method. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 2017, 51(3): 590-597.


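Permission-based Android application security audit method

To detect malicious Android applications, quantify how dangerous they are, and meet the need for security auditing of large batches of samples, a permission-based Android application security audit method is proposed. Data mining is used to analyze permission information, and a set of evaluation indices is built according to support and separation degree; index weights are determined with an improved precedence chart method, and a weight matrix is established; Android applications are evaluated according to the weight matrix, malicious applications are detected by logistic regression, and a quantified evaluation value is given. Experiments were carried out on real samples crawled from the Internet. The results show that malicious applications can be detected effectively and that the evaluation value intuitively reflects how dangerous an application is; the accuracy of classifying malicious and benign applications reaches 92.7%, and efficiency is better than that of existing related work.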
