Android uses a permission-based security model to limit its app's capability. However, the user's decision is almost completely unrelated to the app's risk level due to insucient information. The platform openness and the plethora of available software also make dangerous apps (not necessarily malware) very common. To enhance end-user security awareness, we propose a new approach and tool to evaluate the potential risks of Android app packages. We integrated various static and dynamic analysis techniques into a framework able to detect suspicious activities, map them to ne-grained risk categories and evaluate them with the fuzzy logic algorithm. This tool can retrieve and analyse large quantities of apps automatically and provides a simple logic for other tools to integrate with. Finally, our software has been tested on a large set of real-world samples, both benign and malicious, demonstrating its eciency (4s/app) and a reasonable capacity to evaluate the risk of Android app packages.
|Titolo:||Android Apps Risk Evaluation: a methodology|
|Data di pubblicazione:||2015|
|Digital Object Identifier (DOI):||10.4108/ue.1.4.e5|
|Appare nelle tipologie:||1.1 Articolo in rivista|
File in questo prodotto: