%0 Conference Proceedings
%T Quantitative Security Risk Assessment of Android Permissions and Applications
%+ New Mexico Institute of Mining and Technology [New Mexico Tech] (NMT)
%+ CAaNES, LLC [RiskSense, Inc]
%A Wang, Yang
%A Zheng, Jun
%A Sun, Chen
%A Mukkamala, Srinivas
%Z Part 6: Mobile Computing
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 27th Data and Applications Security and Privacy (DBSec)
%C Newark, NJ, United States
%Y Lingyu Wang
%Y Basit Shafiq
%I Springer
%3 Data and Applications Security and Privacy XXVII
%V LNCS-7964
%P 226-241
%8 2013-07-15
%D 2013
%R 10.1007/978-3-642-39256-6_15
%K Android App
%K Android Permission
%K Malware
%K Risk Assessment
%K DroidRisk
%Z Computer Science [cs]Conference papers
%X The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissions-based model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims to improve the efficiency of Android permission system. Two data sets with 27,274 benign apps from Google Play and 1,260 Android malware samples were used to evaluate the effectiveness of DroidRisk. The results demonstrate that DroidRisk can generate more reliable risk signal for warning the potential malicious activities compared with existing methods. We show that DroidRisk can also be used to alleviate the overprivilege problem and improve the user attention to the risks of Android permissions and apps.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-01490707/document
%2 https://inria.hal.science/hal-01490707/file/978-3-642-39256-6_15_Chapter.pdf
%L hal-01490707
%U https://inria.hal.science/hal-01490707
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-7964