Fine-Grained Risk Level Quantication Schemes Based on APK Metadata

  • Takeshi TakahashiEmail author
  • Tao Ban
  • Takao Mimura
  • Koji Nakao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9491)


The number of security incidents faced by Android users is growing, along with a surge in malware targeting Android terminals. Such malware arrives at the Android terminals in the form of Android Packages (APKs). Various techniques for protecting Android users from such malware have been reported, but most of them have focused on the APK files themselves. Unlike these approaches, we use Web information obtained from online APK markets to improve the accuracy of malware detection. In this paper, we propose category/cluster-based APK analysis schemes that quantify the risk of an APK. The category-based scheme uses category information available on the Web, whereas the cluster-based method uses APK descriptions to generate clusters of APK files. In this paper, the performance of the proposed schemes is verified by comparing their area under the curve values with that of a conventional scheme; moreover, the usability of Web information for the purpose of better quantifying the risks of APK files is confirmed.


Android Package APK Malware Static analysis Security 


  1. 1.
    Bartel, A., Klein, J., Le Traon, Y., Monperrus, M.: Automatically securing permission-based software by reducing the attack surface: an application to android. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (2012)Google Scholar
  2. 2.
    Blei, D.M., Ng, A.Y., Jordan, M.I.: Latent dirichlet allocation. J. Mach. Learn. Res. 3, 993–1022 (2003)zbMATHGoogle Scholar
  3. 3.
    Brown, C.D., Davis, H.T.: Receiver operating characteristics curves and related decision measures: a tutorial. Chemometr. Intell. Lab. Syst. 80(1), 24–38 (2006)CrossRefGoogle Scholar
  4. 4.
    Gorla, A., Tavecchia, I., Gross, F., Zeller, A.: Checking app behavior against app descriptions. In: Proceedings of the 36th International Conference on Software Engineering (2014)Google Scholar
  5. 5.
    MacQueen, J.: Some methods for classification and analysis of multivariate observations. In: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability. Statistics, vol. 1, pp. 281–297 (1967)Google Scholar
  6. 6.
    Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (2012)Google Scholar
  7. 7.
    Takahashi, T., Nakao, K., Kanaoka, A.: Data model for android package information and its application to risk analysis system. In: Proceedings of the First ACM Workshop on Information Sharing and Collaborative Security (2014)Google Scholar
  8. 8.
    Wang, Y., Zheng, J., Sun, C., Mukkamala, S.: Quantitative security risk assessment of android permissions and applications. In: Wang, L., Shafiq, B. (eds.) DBSec 2013. LNCS, vol. 7964, pp. 226–241. Springer, Heidelberg (2013) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Takeshi Takahashi
    • 1
    Email author
  • Tao Ban
    • 1
  • Takao Mimura
    • 2
  • Koji Nakao
    • 1
  1. 1.National Institute of Information and Communications TechnologyTokyoJapan
  2. 2.Secure Brain CorporationTokyoJapan

Personalised recommendations