File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Article: Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy

TitleEnhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy
Authors
Keywordsprivacy policy
Mobile applications
Issue Date2018
Citation
IEEE Transactions on Software Engineering, 2018, v. 44, n. 9, p. 834-854 How to Cite?
AbstractSince more than 96 percent of mobile malware targets the Android platform, various techniques based on static code analysis or dynamic behavior analysis have been proposed to detect malicious apps. As malware is becoming more complicated and stealthy, recent research proposed a promising detection approach that looks for the inconsistency between an app's permissions and its description. In this paper, we first revisit this approach and reveal that using description and permission will lead to many false positives because descriptions often fail to declare all sensitive operations. Then, we propose exploiting an app's privacy policy and its bytecode to enhance the malware detection based on description and permissions. It is non-trivial to automatically analyze privacy policy and perform the cross-verification among these four kinds of software artifacts including, privacy policy, bytecode, description, and permissions. To address these challenging issues, we first propose a novel data flow model for analyzing privacy policy, and then develop a new system, named TAPVerifier, for carrying out investigation of individual software artifacts and conducting the cross-verification. The experimental results show that TAPVerifier can analyze privacy policy with a high accuracy and recall rate. More importantly, integrating privacy policy and bytecode level information can remove up to 59.4 percent false alerts of the state-of-the-art systems, such as AutoCog, CHABADA, etc.
Persistent Identifierhttp://hdl.handle.net/10722/303537
ISSN
2023 Impact Factor: 6.5
2023 SCImago Journal Rankings: 1.868
ISI Accession Number ID

 

DC FieldValueLanguage
dc.contributor.authorYu, Le-
dc.contributor.authorLuo, Xiapu-
dc.contributor.authorQian, Chenxiong-
dc.contributor.authorWang, Shuai-
dc.contributor.authorLeung, Hareton K.N.-
dc.date.accessioned2021-09-15T08:25:31Z-
dc.date.available2021-09-15T08:25:31Z-
dc.date.issued2018-
dc.identifier.citationIEEE Transactions on Software Engineering, 2018, v. 44, n. 9, p. 834-854-
dc.identifier.issn0098-5589-
dc.identifier.urihttp://hdl.handle.net/10722/303537-
dc.description.abstractSince more than 96 percent of mobile malware targets the Android platform, various techniques based on static code analysis or dynamic behavior analysis have been proposed to detect malicious apps. As malware is becoming more complicated and stealthy, recent research proposed a promising detection approach that looks for the inconsistency between an app's permissions and its description. In this paper, we first revisit this approach and reveal that using description and permission will lead to many false positives because descriptions often fail to declare all sensitive operations. Then, we propose exploiting an app's privacy policy and its bytecode to enhance the malware detection based on description and permissions. It is non-trivial to automatically analyze privacy policy and perform the cross-verification among these four kinds of software artifacts including, privacy policy, bytecode, description, and permissions. To address these challenging issues, we first propose a novel data flow model for analyzing privacy policy, and then develop a new system, named TAPVerifier, for carrying out investigation of individual software artifacts and conducting the cross-verification. The experimental results show that TAPVerifier can analyze privacy policy with a high accuracy and recall rate. More importantly, integrating privacy policy and bytecode level information can remove up to 59.4 percent false alerts of the state-of-the-art systems, such as AutoCog, CHABADA, etc.-
dc.languageeng-
dc.relation.ispartofIEEE Transactions on Software Engineering-
dc.subjectprivacy policy-
dc.subjectMobile applications-
dc.titleEnhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy-
dc.typeArticle-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1109/TSE.2017.2730198-
dc.identifier.scopuseid_2-s2.0-85028931155-
dc.identifier.volume44-
dc.identifier.issue9-
dc.identifier.spage834-
dc.identifier.epage854-
dc.identifier.eissn1939-3520-
dc.identifier.isiWOS:000444842700002-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats