Abstract
Android, the most widely used operating system for smartphones and mobile devices, uses permissions to restrict malicious applications (apps). However, malware developers use various social engineering methods to entice users into installing malware after the users have granted critical permissions. It is therefore essential to estimate the security risks of untrusted Android apps to help users make better decisions about app selection and installation. In this paper, the concept of criticality for Android permissions is precisely defined according to the abuse of permissions by known malware and their legitimate usage by useful apps. Based on this definition, and on an analysis of the permissions requested by large numbers of malware and benign apps, a new criterion is proposed to measure the security risks of apps. This measure draws on the entropy and information gain of permissions with respect to separating malware from benign apps. In this criterion, more informative permissions have a higher impact on the computed risk values. To evaluate the proposed criterion, two new datasets of recent malicious and non-malicious Android apps have been constructed and analyzed against existing ones. This analysis shows that the permission usage patterns of Android apps have changed over time. Empirical evaluations on recent and previous malware and benign apps show the superiority of the proposed criterion over previously proposed ones in terms of assigning larger risk values to malware.
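The abstract's central idea, weighting each permission by how much information it carries for separating malware from benign apps, can be illustrated with the following added example, which is not the paper's code or its exact risk formula. The sample apps are constructed, and the rule for combining weights into a score (information gain counted only for permissions more common in malware, then normalized) is an assumption made for illustration.

```python
import math

# Constructed sample: (requested permissions, is_malware). Not data from the paper.
APPS = [
    ({"SEND_SMS", "READ_CONTACTS", "INTERNET"}, True),
    ({"SEND_SMS", "INTERNET"}, True),
    ({"SEND_SMS", "READ_PHONE_STATE", "INTERNET"}, True),
    ({"READ_CONTACTS", "INTERNET"}, True),
    ({"INTERNET"}, False),
    ({"INTERNET", "CAMERA"}, False),
    ({"INTERNET", "READ_CONTACTS"}, False),
    ({"CAMERA"}, False),
]

def entropy(pos, total):
    """Binary Shannon entropy in bits for `pos` malware among `total` apps."""
    if total == 0 or pos in (0, total):
        return 0.0
    p = pos / total
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))

def info_gain(perm, apps):
    """Class entropy removed by knowing whether an app requests `perm`."""
    labels = [m for _, m in apps]
    has = [m for perms, m in apps if perm in perms]
    lacks = [m for perms, m in apps if perm not in perms]
    cond = sum(len(s) / len(apps) * entropy(sum(s), len(s)) for s in (has, lacks))
    return entropy(sum(labels), len(labels)) - cond

def critical_weights(apps):
    """Assumed rule: weight = information gain, but only for permissions
    requested by a larger share of malware than of benign apps."""
    n_mal = sum(m for _, m in apps)
    n_ben = len(apps) - n_mal
    out = {}
    for perm in sorted(set().union(*(p for p, _ in apps))):
        mal_rate = sum(perm in p for p, m in apps if m) / n_mal
        ben_rate = sum(perm in p for p, m in apps if not m) / n_ben
        out[perm] = info_gain(perm, apps) if mal_rate > ben_rate else 0.0
    return out

def risk(perms, weights):
    """Share of total critical weight covered by the requested permissions (0..1)."""
    total = sum(weights.values())
    return sum(weights.get(p, 0.0) for p in perms) / total if total else 0.0

if __name__ == "__main__":
    w = critical_weights(APPS)
    for name, perms in [("sms app", {"SEND_SMS", "INTERNET"}), ("camera app", {"INTERNET", "CAMERA"})]:
        print(name, round(risk(perms, w), 3))
```

In this sample `CAMERA` has a sizeable information gain but zero weight, because it is informative in the benign direction; `INTERNET` is requested by almost every app and so contributes little.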








Acknowledgements
We would like to thank Mila Parkour for providing new Android malware samples.
Ethics declarations
Conflict of interest
The author declares that he has no conflict of interest regarding the publication of this paper.
Additional information
Communicated by V. Loia.
About this article
Cite this article
Deypir, M. Entropy-based security risk measurement for Android mobile applications. Soft Comput 23, 7303–7319 (2019). https://doi.org/10.1007/s00500-018-3377-5
DOI: https://doi.org/10.1007/s00500-018-3377-5