
A Novel Proposal of Using NLP to Analyze IoT Apps Towards Securing User Data

  • Conference paper
Computer Information Systems and Industrial Management (CISIM 2021)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12883)

Abstract

The evolution of the Internet of Things over the years has led to all-time connectivity among us. However, the heterogeneity of the constituent layers of IoT makes it vulnerable to multiple security threats. One typical vulnerability of IoT involves the endpoint, i.e., the apps that end users use to enable IoT services. Generally, users have to authorize the app at installation time to perform certain tasks. Often the apps ask for permissions to access information that is not related to the IoT services they provide. These over-privileged apps can turn malicious at any moment and use such information for their own benefit. Sometimes users are naive enough to trust the apps and grant permissions without caution, leading to unintended exposure of personal information to malicious apps. It is important to analyze the app description to understand the exact meaning of each functionality it states. In this paper, we focus on the use of NLP in securing user data from malicious IoT apps by analysing their privacy policies and user reviews. This is followed by a novel proposal that supports cautious decision making by users based on a careful analysis of app behaviour.




© 2021 Springer Nature Switzerland AG


Cite this paper

Maji, R., Biswas, A., Chaki, R. (2021). A Novel Proposal of Using NLP to Analyze IoT Apps Towards Securing User Data. In: Saeed, K., Dvorský, J. (eds) Computer Information Systems and Industrial Management. CISIM 2021. Lecture Notes in Computer Science, vol 12883. Springer, Cham. https://doi.org/10.1007/978-3-030-84340-3_12


  • DOI: https://doi.org/10.1007/978-3-030-84340-3_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-84339-7

  • Online ISBN: 978-3-030-84340-3

  • eBook Packages: Computer Science, Computer Science (R0)
