Abstract
The evolution of the Internet of Things over the years has led to all-time connectivity among us. However, the heterogeneity of the constituent layers of IoT makes it vulnerable to multiple security threats. One of the typical vulnerabilities of IoT involves the endpoint, i.e. the apps that end users use to enable IoT services. Generally, users have to authorize the app at installation time to perform certain tasks. Often the apps ask for permissions to access information that is not related to the IoT services they provide. These over-privileged apps can turn malicious at any moment and use such information for their own benefit. Sometimes users are naive enough to trust the apps and grant permissions without caution, leading to unintended exposure of personal information to malicious apps. It is important to analyze the app description to understand the exact meaning of each functionality it states. In this paper, we focus on the use of NLP in securing user data from malicious IoT apps by analysing their privacy policies and user reviews. This is followed by a novel proposal that supports cautious decision making by users based on a careful analysis of app behaviour.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Maji, R., Biswas, A., Chaki, R. (2021). A Novel Proposal of Using NLP to Analyze IoT Apps Towards Securing User Data. In: Saeed, K., Dvorský, J. (eds) Computer Information Systems and Industrial Management. CISIM 2021. Lecture Notes in Computer Science, vol 12883. Springer, Cham. https://doi.org/10.1007/978-3-030-84340-3_12
DOI: https://doi.org/10.1007/978-3-030-84340-3_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-84339-7
Online ISBN: 978-3-030-84340-3
eBook Packages: Computer Science (R0)