Fine-Grained Risk Level Quantication Schemes Based on APK Metadata
The number of security incidents faced by Android users is growing, along with a surge in malware targeting Android terminals. Such malware arrives at the Android terminals in the form of Android Packages (APKs). Various techniques for protecting Android users from such malware have been reported, but most of them have focused on the APK files themselves. Unlike these approaches, we use Web information obtained from online APK markets to improve the accuracy of malware detection. In this paper, we propose category/cluster-based APK analysis schemes that quantify the risk of an APK. The category-based scheme uses category information available on the Web, whereas the cluster-based method uses APK descriptions to generate clusters of APK files. In this paper, the performance of the proposed schemes is verified by comparing their area under the curve values with that of a conventional scheme; moreover, the usability of Web information for the purpose of better quantifying the risks of APK files is confirmed.
KeywordsAndroid Package APK Malware Static analysis Security
- 1.Bartel, A., Klein, J., Le Traon, Y., Monperrus, M.: Automatically securing permission-based software by reducing the attack surface: an application to android. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (2012)Google Scholar
- 4.Gorla, A., Tavecchia, I., Gross, F., Zeller, A.: Checking app behavior against app descriptions. In: Proceedings of the 36th International Conference on Software Engineering (2014)Google Scholar
- 5.MacQueen, J.: Some methods for classification and analysis of multivariate observations. In: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability. Statistics, vol. 1, pp. 281–297 (1967)Google Scholar
- 6.Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (2012)Google Scholar
- 7.Takahashi, T., Nakao, K., Kanaoka, A.: Data model for android package information and its application to risk analysis system. In: Proceedings of the First ACM Workshop on Information Sharing and Collaborative Security (2014)Google Scholar