Cluster Computing, Volume 22, Supplement 3, pp 5479–5489

A novel method to find important apps base on the analysis of components relationship

  • Qi Li
  • Chengze Li
  • Guangyu Gao
  • Yanyi Huang

Abstract

With the mobile Internet developing rapidly and the number of mobile applications increasing sharply, the security of mobile apps has received more and more attention in recent years. Many single-app analysis methods have been used to detect vulnerabilities and malicious code. Since mobile apps are always related to each other by invoking components, some researchers have begun to focus on multi-application analysis. But when facing millions of mobile applications with limited resources, improving the capability of security analysis and protection is a difficult problem. For this purpose, we introduce a novel method to mine the correlations among a large number of applications and to find the nodes that occupy critical positions in the process of invoking components. In the proposed method, we first extract the important information from apps and build a database of components. Then, we try to analyze the potential relationships between apps based on the process of invoking components. Moreover, we propose a novel metric of importance, which can help to find the apps that play important roles in the app-network. We conducted some experiments to evaluate the proposed method; they show that we can assess the influence of apps and determine the priority of targets during massive application analysis, whether for the purpose of detection or protection.

Keywords

Vulnerability; Mobile application; Allocate efficiently; Metrics of importance

Notes

Acknowledgements

This work is supported by National Natural Science Foundation of China (CN) Project (U153610079, 61401038).

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. Beijing University of Posts and Telecommunications, Beijing, China
  2. Beijing Institute of Technology, Beijing, China
