Abstract
Android has witnessed a substantial growth over the years, in the market share as well as in the number of malwares. In this paper, we proposed a novel approach to detect potentially malicious applications, based on the semantic relatedness between the applications’ descriptions and the apk files. We gathered an application database of 7,570 valid applications for training and testing, finding that about 16.6 % of the tested applications exhibit a lack of relatedness between the apk files and descriptions, due to either inadequate embedded text in apk file, too short a description, unsuited description, or being a malicious application. In additions, there are 4 % of applications unjustly deemed as unrelated. Our study showed that the semantic based approach is applicable in terms of malware detection and in judging the soundness of descriptions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Number of android applications. Technical report, AppBrain (2014)
Research also shows steady and significant drop in number of malicious apps being removed in past three years. Technical report, RiskIQ (2014)
An open-source api for the android market. https://code.google.com/p/android-market-api. Accessed 2014
Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: Pscout: Analyzing the android permission specification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 217–228. ACM, New York (2012)
Chau, M., Reith, R., Ubrani, J.: Worldwide quarterly mobile phone tracker. Technical report, International Data Corporation (2014)
Enck, W., Ongtang, M., Mcdaniel, P.D.: On lightweight mobile phone application certification. In: ACM Conference on Computer and Communications Security, pp. 235–245 (2009)
Fang, Z., Han, W., Li, Y.: Permission based android security: issues and countermeasures. Comput. Secur. (COSE) 43, 205–218 (2014)
Fellbaum, C.: WordNet An Electronic Lexical Database (1998)
Gabrilovich, E., Markovitch, S.: Computing semantic relatedness using wikipedia-based explicit semantic analysis. In: International Joint Conference on Artificial Intelligence, pp. 1606–1611 (2007)
Google. android-apktool. https://code.google.com/p/android-apktool. Accessed 2014
Han, W., Fang, Z., Yang, L.T., Pan, G., Wu, Z.: Collaborative policy administration. IEEE Trans. Parallel Distrib. Syst. (TPDS) 25(2), 498–507 (2014)
Jordan, M.I., Jacobs, R.A.: Hierarchical mixtures of experts and the EM algorithm. In: International Symposium on Neural Networks (1993)
Knoth, P., Zilka, L., Zdrahal, Z.: Cross-lingual link discovery in wikipedia using explicit semantic analysis. In: The 9th NTCIR Workshop Meeting, pp. 6–9, Tokyo, Japan, December 2011. Knowledge Media Institute
Porter, M.: An algorithm for suffix stripping. Program-electron. Libr. Inf. Syst. 14, 130–137 (1980)
Pregibon, D.: Logistic regression diagnostics. Ann. Stat. 9, 705–724 (1981)
Qu, Z., Rastogi, V., Zhang, X., Chen, Y., Zhu, T., Chen, Z.: AutoCog: measuring the description-to-permission fidelity in android applications. In: ACM Conference on Computer and Communications Security (2014)
Zhang, X., Han, W., Fang, Z., Yin, Y., Mustafa, H.: Role mining algorithm evaluation and improvement in large volume android applications. In: Proceedings of the First International Workshop on Security in embedded systems and smartphones (SESP 2013), conjunction with ASIACCS 2013 (2013)
Acknowledgement
This paper is supported by 12th Five-Year National Development Foundation for Cryptography (MMJJ201301008), Key Lab of Information Network Security, Ministry of Public Security (C13612), Natural Science Foundation of Shanghai (12ZR1402600). We thanks anonymous reviewers for their comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Han, W., Wang, W., Zhang, X., Peng, W., Fang, Z. (2015). APP Vetting Based on the Consistency of Description and APK. In: Yung, M., Zhu, L., Yang, Y. (eds) Trusted Systems. INTRUST 2014. Lecture Notes in Computer Science(), vol 9473. Springer, Cham. https://doi.org/10.1007/978-3-319-27998-5_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-27998-5_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27997-8
Online ISBN: 978-3-319-27998-5
eBook Packages: Computer ScienceComputer Science (R0)