Our recent work on Android Security has been accepted by IEEE Transactions on Information Forensics and Security [PDF].
Paper Title: Exploring Permission-induced Risk in Android Applications for Malicious Application Detection
Abstract of the paper: Android has been a major target of malicious applications (malapps). How to detect and keep the malapps out of the app markets is an ongoing challenge. One of the central design points of Android security mechanism is permission control that restricts the access of apps to core facilities of devices. However, it imparts a significant responsibility to the app developers with regard to accurately specifying the requested permissions and to the users with regard to fully understanding the risk of granting certain combinations of permissions.
Android permissions requested by an app depict the app’s behavioral patterns. In order to help understanding Android permissions, in this work, we explore the permission-induced risk in Android apps on three levels in a systematic manner. First, we thoroughly analyze the risk of individual permission and the risk of a group of collaborative permissions. We employ three feature ranking methods, namely, mutual information, Correlation Coefficient (CorrCoef), and T-test to rank Android individual permissions w.r.t. their risk. We then use Sequential Forward Selection (SFS) as well as Principal Component Analysis (PCA) to identify risky permission subsets. Second, we evaluate the usefulness of risky permissions for malapp detection with Support Vector Machine (SVM), decision trees as well as random forest. Third, we in depth analyze the detection results and discuss the feasibility as well as the limitations of malapp detection based on permission requests. We evaluate our methods on a very large official app set consisting of 310,926 benign apps and 4,868 real-world malapps and on a third-party app sets. The empirical results show that our malapp detectors built on risky permissions give satisfied performance (a detection rate as 94.62% with a false positive rate as 0.6%), catch the malapps’ essential patterns on violating permission access regulations, and are universally applicable to unknown malapps (detection rate as 74.03%).