In the last decade, we have witnessed an unprecedented increase in the adoption of mobile devices. A substantial number of these devices run on the Android operating system. Android is an open-source operating system based on Linux, which provides a permission-based security model that demands each application to request explicit permissions (approved by the user) before it can be installed to run. However, end users cannot estimate application risk, so the user's decision is almost completely unrelated to the application risk level. Moreover, due to the platform openness and the plethora of available software, dangerous apps (even if not necessarily malware) are now also very common for Android devices. In this paper we propose a new approach and a tool to evaluate the potential risk of Android application packages to help end user security awareness. The tool exploits both static and dynamic analysis techniques. It examines the correlations between app required permissions and the invoked APIs, as well as the contents in the package, and subsequently it uses a dynamic analysis module to confirm the suspicions proposed by static modules. The risk activities detected by analysis modules are then mapped into finer-grained risk categories and further evaluated using the fuzzy logic algorithm. Fuzzy logic aims to deal with uncertainty which arises from the nature of automatic analysis, as not all detected activities intend to cause harm. For the sake of both tech-uninterested and tech-savvy users, the results contain a simple numerical value showing the risk level plus a detailed report of detected activities and their mappings to the risk categories. Finally, we tested our software on a large set of real-world samples, demonstrating its efficiency and showing a reasonable capacity to identify and evaluate the potential risk of application packages, both the benign and the malicious ones.

How Dangerous is Your Android App? An Evaluation Methodology / Atzeni, Andrea; Su, Tao; M., Baltatu; R., D'Alessandro; G., Pessiva. - ELETTRONICO. - (2014), pp. 130-139. ((Intervento presentato al convegno 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services tenutosi a London, United Kingdom nel 02/12/2014-05/12/2014 [10.4108/icst.mobiquitous.2014.257832].

How Dangerous is Your Android App? An Evaluation Methodology

ATZENI, ANDREA;SU, TAO;
2014

Abstract

In the last decade, we have witnessed an unprecedented increase in the adoption of mobile devices. A substantial number of these devices run on the Android operating system. Android is an open-source operating system based on Linux, which provides a permission-based security model that demands each application to request explicit permissions (approved by the user) before it can be installed to run. However, end users cannot estimate application risk, so the user's decision is almost completely unrelated to the application risk level. Moreover, due to the platform openness and the plethora of available software, dangerous apps (even if not necessarily malware) are now also very common for Android devices. In this paper we propose a new approach and a tool to evaluate the potential risk of Android application packages to help end user security awareness. The tool exploits both static and dynamic analysis techniques. It examines the correlations between app required permissions and the invoked APIs, as well as the contents in the package, and subsequently it uses a dynamic analysis module to confirm the suspicions proposed by static modules. The risk activities detected by analysis modules are then mapped into finer-grained risk categories and further evaluated using the fuzzy logic algorithm. Fuzzy logic aims to deal with uncertainty which arises from the nature of automatic analysis, as not all detected activities intend to cause harm. For the sake of both tech-uninterested and tech-savvy users, the results contain a simple numerical value showing the risk level plus a detailed report of detected activities and their mappings to the risk categories. Finally, we tested our software on a large set of real-world samples, demonstrating its efficiency and showing a reasonable capacity to identify and evaluate the potential risk of application packages, both the benign and the malicious ones.
File in questo prodotto:
File Dimensione Formato  
p130-atzeni.pdf

non disponibili

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 757.12 kB
Formato Adobe PDF
757.12 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2580341
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo