One of Android’s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information.
We discuss the desired properties of risk signals and relative risk scores for Android apps in order to generate another metric that users can utilize when choosing apps. We present a wide range of techniques to generate both risk signals and risk scores that are based on heuristics as well as principled machine learning techniques. Experimental results conducted using real-world data sets show that these methods can effectively identify malware as very risky, are simple to understand, and easy to use.
Mobile devices are becoming ubiquitous, and they provide access to personal and sensitive information such as phone numbers, contact lists, geolocation, and SMS messages, making their security an especially important challenge. Compared with desktop and laptop computers, mobile devices have a different paradigm for installing new applications. For traditional personal computers, a typical user installs relatively few applications, most of which are from reputable vendors, with niche applications increasingly being replaced by web-based or cloud services. For mobile devices, one often downloads and uses many applications (or apps) with limited functionality from multiple unknown vendors. Therefore, the defense against malicious applications must depend to a large degree on decisions made by the users. An important part of malware defense on mobile devices is to communicate the risk of installing an app to users, and to enable the user to make informed decisions about whether to choose and install specific apps.
We study how to effectively evaluate the risk of mobile applications, with a focus on the Android platform. The Android platform has emerged as one of the fastest growing operating systems. In May 2013, Google Inc. announced that 900 million Android devices had been activated. Additionally, Google Play (formerly known as Android Market) crossed more than 48 billion downloads, and is now averaging about 2.5 billion downloads per month. Such a wide user base, coupled with the ease of developing and distributing applications, makes Android an attractive target for malicious developers who seek personal gain while costing users money and invading users’ privacy.
One of Android’s main defense mechanisms against malicious apps is a risk communication mechanism which warns the user about the permissions an app requires before the app is installed by the user, trusting that the user will make the right decision. The specific approach used in Android has been shown to be ineffective at informing users about potential risks. The majority of Android apps request multiple permissions. When a user sees what appears to be the same warning message for almost every app, warnings quickly lose any effectiveness as the users are conditioned to ignore such warnings.
We believe that the main reason for the failure of the current Android warning approach is that it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information. Recently, binary risk signals based on the set of permissions an app requests have been proposed as a mechanism to improve the existing warning mechanism: requesting a certain permission, or certain combinations of two or three permissions, triggers a warning that the app is risky.
In this paper, we investigate permission-based risk signals that use the rarity of critical permissions and pairs of critical permissions. In this approach, initially reported in prior work, permissions that have significant security or privacy impact are identified as critical, and if an app requests a critical permission (or a pair of critical permissions) that is rarely requested by apps in the same category as the app, the app is labeled as risky. Using a binary risk signal, i.e., labeling each app as either risky or not risky, however, has significant limitations. While some apps are clearly malicious, many more apps are in a gray area where their behaviors are questionable, but not overly malicious. Furthermore, whether an app is malicious or not may depend on the user’s privacy preference. A binary risk signal forces the designer to draw a line somewhere, when no line may be “correct.”
PSCOUT: ANALYZING THE ANDROID PERMISSION SPECIFICATION
AUTHOR: K.W.Y. Au, Y.F. Zhou, Z. Huang, and D. Lie
PUBLICATION: Proc. ACM Conf. Computer and Comm. Security (CCS ’12), pp. 217-228, 2012.
Modern smartphone operating systems
(OSs) have been developed with a greater emphasis on security and protecting
privacy. One of the mechanisms these systems use to protect users is a
permission system, which requires developers to declare what sensitive
resources their applications will use, has users agree with this request when
they install the application and constrains the application to the requested
resources during runtime. As these permission systems become more common,
questions have risen about their design and implementation. In this paper, we
perform an analysis of the permission system of the Android smartphone OS in an
attempt to begin answering some of these questions. Because the documentation
of Android’s permission system is incomplete and because we wanted to be able
to analyze several versions of Android, we developed PScout, a tool that
extracts the permission specification from the Android OS source code using
static analysis. PScout overcomes several challenges, such as scalability due
to Android’s 3.4 million line code base, accounting for permission enforcement
across processes due to Android’s use of IPC, and abstracting Android’s diverse
permission checking mechanisms into a single primitive for analysis.
MAST: TRIAGE FOR MARKET-SCALE MOBILE MALWARE ANALYSIS
AUTHOR: S. Chakradeo, B. Reaves, P. Traynor, and W. Enck
PUBLICATION: Proc. Sixth ACM Conf. Security and Privacy in Wireless and Mobile Networks (WISEC’13), pp. 13-24, 2013.
Malware is a pressing
concern for mobile application market operators. While current mitigation
techniques are keeping pace with the relatively infrequent presence of
malicious code, the rapidly increasing rate of application development makes
manual and resource-intensive automated analysis costly at market-scale. To
address this resource imbalance, we present the Mobile Application Security
Triage (MAST) architecture, a tool that helps to direct scarce malware analysis
resources towards the applications with the greatest potential to exhibit
malicious behavior. MAST analyzes attributes extracted from just the
application package using Multiple Correspondence Analysis (MCA), a statistical
method that measures the correlation between multiple categorical (i.e.,
qualitative) data. We train MAST using over 15,000 applications from Google
Play and a dataset of 732 known-malicious applications. We then use MAST to
perform triage on three third-party markets of different size and malware
composition—36,710 applications in total. Our experiments show that MAST is
both effective and performant. Using MAST ordered ranking, malware-analysis
tools can find 95% of malware at the cost of analyzing 13% of the non-malicious
applications on average across multiple markets, and MAST triage processes
markets in less than a quarter of the time required to perform signature
detection. More importantly, we show that successful triage can dramatically
reduce the costs of removing malicious applications from markets.
MEASURING USER CONFIDENCE IN SMARTPHONE SECURITY AND PRIVACY
AUTHOR: E. Chin, A.P. Felt, V. Sekar, and D. Wagner
PUBLICATION: Proc. Eighth Symp. Usable Privacy and Security, (SOUPS ’12), article 1, 2012.
In order to direct and build an effective, secure mobile ecosystem, we must first understand user attitudes toward security and privacy for smartphones and how they may differ from attitudes toward more traditional computing systems. What are users’ comfort levels in performing different tasks? How do users select applications? What are their overall perceptions of the platform? This understanding will help inform the design of more secure smartphones that will enable users to safely and confidently benefit from the potential and convenience offered by mobile platforms.
To gain insight into user perceptions of smartphone security and installation habits, we conduct a user study involving 60 smartphone users. First, we interview users about their willingness to perform certain tasks on their smartphones to test the hypothesis that people currently avoid using their phones due to privacy and security concerns. Second, we analyze why and how they select applications, which provides information about how users decide to trust applications. Based on our findings, we present recommendations and opportunities for services that will help users safely and confidently use mobile applications and platforms.
The existing mechanism against malicious apps is a risk communication mechanism which warns the user about the permissions an app requires before the app is installed by the user, trusting that the user will make the right decision. The specific approach used in Android has been shown to be ineffective at informing users about potential risks. The majority of apps request multiple permissions, so a user sees what appears to be the same warning message for almost every app.
- Risk warnings quickly lose any effectiveness as the users are conditioned to ignore such warnings.
- Used static analysis to determine whether an Android application is over-privileged
- The permission system is complex
In this paper, we investigate permission-based risk signals that use the rarity of critical permissions and pairs of critical permissions. In this approach, initially reported in prior work, permissions that have significant security or privacy impact are identified as critical, and if an app requests a critical permission (or a pair of critical permissions) that is rarely requested by apps in the same category as the app, the app is labelled as risky.
We propose the concept of risk scoring functions. Such a function assigns to each app a numerical score, which indicates how risky the app is. This approach presents “comparative” risk information, i.e., each app’s risk is presented in a way so that it can be easily compared to other apps. Given a risk scoring function, one can construct a risk signal by choosing a threshold above which the signal is raised. However, we believe that it is better to use a risk scoring function for risk communication in the following way. Given this function, one can compute a risk ranking for each app, identifying the percentile of the app in terms of its risk score.
- The idea of risk score functions to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring function.
- We introduce a framework that includes both the rarity-based risk signals and probabilistic models, and explore other ways to instantiate the framework.
HARDWARE & SOFTWARE REQUIREMENTS:
- Processor – Pentium IV
- Speed –
- RAM – 256 MB (min)
- Hard Disk – 20 GB
- Floppy Drive – 1.44 MB
- Key Board – Standard Windows Keyboard
- Mouse – Two or Three Button Mouse
- Monitor – SVGA
- Operating System : Windows XP or Win7
- Front End : Microsoft Visual Studio .NET 2008
- Script : C# Script
- Document : MS-Office 2007
Data Flow Diagram / Use Case Diagram / Flow Diagram:
- The DFD is also called a bubble chart. It is a simple graphical formalism that can be used to represent a system in terms of the input data to the system, the various processing carried out on these data, and the output data generated by the system.
- The data flow diagram (DFD) is one of the most important modeling tools. It is used to model the system components. These components are the system process, the data used by the process, an external entity that interacts with the system and the information flows in the system.
- DFD shows how the information moves through the system and how it is modified by a series of transformations. It is a graphical technique that depicts information flow and the transformations that are applied as data moves from input to output.
- A DFD is also known as a bubble chart. A DFD may be used to represent a system at any level of abstraction. A DFD may be partitioned into levels that represent increasing information flow and functional detail.
In designing a risk signal, two relevant measures are the warning rate, which defines how often a user receives warnings generated by the risk signal, and the detection rate, which defines what percentage of malicious apps will trigger the signal. To avoid over-exposing users to warnings generated by risk signals, it is desirable that a risk signal has a low warning rate. To be effective at detecting malicious applications, a risk signal should have a high detection rate. Moreover, a risk signal should be easily understandable by end users. Because there is no guarantee that the market data contains no malware, a warning rate of close to 0 is not necessarily desirable. At the same time, the boundary between benign and malicious apps is blurred, since many apps are unnecessarily over-privileged or may contain invasive ad networks.
In this sense, raising warnings for such over-privileged apps is not a “false” positive; thus one should not equate the warning rate with the false positive rate in intrusion detection. On the other hand, an overly high warning rate is certainly undesirable because when users frequently see a warning, it becomes less effective. In general, we desire risk signals to have a relatively low (between 1 and 10 percent) warning rate, and a relatively high detection rate. Another property that we desire is that the risk signals should be easy for end users to understand. After all, no risk signal can be used to stop the installation of an app by itself. The ultimate decision lies with the end user. If the user can understand why a warning is raised, then there is higher chance that they can process the information accordingly.
Having an easy-to-understand risk signal also has the potential to benefit the overall eco-system of Android apps. The risk signal can be displayed on Android websites. If a small percentage of apps are identified as risky, and there is clear reason why, such as requesting a rare permission, this gives developers incentives to not request permissions the app can function without, since requiring too many permissions now reflects badly on an app.
This creates a positive feedback loop, as apps requesting fewer permissions will cause other apps that request many permissions to increasingly stand out. Risk signals based only on apps from the Android market are more robust, as they are not tuned to detect malicious apps in our particular data set and aim only at detecting apps that request too many permissions. Furthermore, it may be desirable for the signals to use only critical permissions so that such signals are more difficult to evade. From Android’s list of permissions, we choose 26 permissions that we call critical permissions. They are listed in Table 1. These 26 permissions were chosen because we believe they are critical for the security and privacy of end users. These permissions allow an app to either infringe upon privacy, or cause monetary loss or other kinds of damage.
Rare critical permissions (#RCP(θ) ≥ α). The first risk signal we consider is whether an app has at least α rare critical permissions. We say that a critical permission is rare with respect to a threshold θ if it occurs in less than θ percent of the Android Market applications. This signal is triggered by an app if it requests α or more rare critical permissions. One advantage of this signal is that the semantic meaning is very simple and easy to understand.
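The rare-critical-permission signal and the warning and detection rates described above, as an added example (not code from the paper or from this project). The critical-permission set, the 20-app market sample and the four malware samples are constructed for illustration and stand in for Table 1 and the real data sets.

```python
from collections import Counter

# Assumed critical set for illustration only; the page's Table 1 lists 26
# permissions and is not reproduced here.
CRITICAL = {"INTERNET", "ACCESS_FINE_LOCATION", "READ_CONTACTS",
            "SEND_SMS", "RECORD_AUDIO", "CALL_PHONE"}

def rare_critical(market, theta):
    """Critical permissions requested by fewer than theta percent of market apps."""
    counts = Counter(p for perms in market.values() for p in perms & CRITICAL)
    return {p for p in CRITICAL if 100.0 * counts[p] / len(market) < theta}

def rcp_signal(perms, rare, alpha):
    """Signal check: (triggered, the rare critical permissions that explain it)."""
    hits = sorted(perms & rare)
    return len(hits) >= alpha, hits

def rate(apps, rare, alpha):
    """Percent of apps flagged: warning rate on market apps, detection rate on malware."""
    flagged = sum(rcp_signal(perms, rare, alpha)[0] for perms in apps.values())
    return 100.0 * flagged / len(apps) if apps else 0.0

def build_market():
    """Constructed market sample: 20 apps, not real measurement data."""
    names = [f"market_app_{i:02d}" for i in range(20)]
    market = {n: {"INTERNET"} for n in names}
    for n in names[:10]:
        market[n].add("ACCESS_FINE_LOCATION")
    for n in names[:3]:
        market[n].add("READ_CONTACTS")
    market[names[0]].add("SEND_SMS")
    market[names[19]].add("RECORD_AUDIO")
    return market

MARKET = build_market()
# Constructed malware sample (hypothetical names and permission sets).
MALWARE = {
    "mal_a": {"INTERNET", "SEND_SMS"},
    "mal_b": {"INTERNET", "SEND_SMS", "CALL_PHONE"},
    "mal_c": {"INTERNET", "READ_CONTACTS"},
    "mal_d": {"INTERNET", "SEND_SMS", "RECORD_AUDIO"},
}

if __name__ == "__main__":
    rare = rare_critical(MARKET, theta=10)
    for alpha in (1, 2):
        print(f"alpha={alpha}: warning rate {rate(MARKET, rare, alpha):.1f}%, "
              f"detection rate {rate(MALWARE, rare, alpha):.1f}%")
```

On this sample, a threshold of 10 percent with one required rare permission gives a 10% warning rate and a 75% detection rate; requiring two rare permissions removes the market warnings but lowers detection to 50%. The list returned by `rcp_signal` is what makes the warning explainable to the user, since it names the rare permissions that raised it.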