RiskInDroid: Machine Learning-Based Risk Analysis on Android

Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 502)

Abstract

Risk analysis on Android aims to provide users with metrics for evaluating the trustworthiness of the apps they are about to install. Most current proposals calculate a risk value from the permissions required by the app, using probabilistic functions that often provide unreliable risk values. To overcome these limitations, this paper presents RiskInDroid, a tool for risk analysis of Android apps based on machine learning techniques. Extensive empirical assessments carried out on more than 112 K apps and 6 K malware samples indicate that RiskInDroid outperforms probabilistic methods in terms of precision and reliability.

Keywords

Risk analysis, Android security, Static analysis, Machine learning

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  1. DIBRIS, University of Genoa, Genoa, Italy
  2. Talos Security, s.r.l.s., Savona, Italy
