  • Thesis / Dissertation

Risk Assessment and User Attention on Android Permissions

A Risk Assessment Mechanism on the Android Permission Architecture

Advisor: 孫宏民

Abstract


The install-time permission system of Android is designed to inform users of the access domain of a specific application and perhaps the risks associated with it. However, this comes with some drawbacks as far as ordinary users are concerned. It is an “all or nothing” system in which users are left with no choice but to discard an application once they are not satisfied with even a single permission in the list. Furthermore, users may also lack the ability to understand each of the permissions listed, making it hard to distinguish malware from clean applications. In this work I have carried out a comprehensive risk assessment for Android permissions and applications by using statistical approaches on the patterns of permission requests from both clean and malware Android applications. The result proved efficient for ranking risk levels of user applications. From a data set of 10256 applications, of which 5100 were malware samples, I carried out an intuitive statistical analysis coupled with a classification technique in order to generate risk scores for Android applications based on permission request patterns and market characteristics. The resulting system was able to accurately classify 66.6 percent of randomly selected samples from the data set. As a proof of concept, I developed a basic Android application that can show the risk ranking of user applications based on my approach. The results prove to be useful as a first-hand determination of trust of applications in environments such as third-party Android markets. It can also be used for fishing out over-privileged user applications.

Keywords

Android Data Analysis Google Permissions Risk Runtime
