Guangye Shi, Qing Zhou, Tao Li, Yuan Feng, Menglin Liu
Title: A User-Oriented Evaluation Mechanism for Mobile Applications Security Based on Behavior Relevance
Published in: 2022 3rd Information Communication Technologies Conference (ICTC)
Publication date: 2022-05-06
DOI: https://doi.org/10.1109/ictc55111.2022.9778330
Citations: 0
Abstract
Traditional mobile application security detection suffers from weak comprehensiveness, insufficient static detection, and failure to consider users' subjective factors. We propose a comprehensive mechanism for application security evaluation based on software behaviour relevancy and user tolerance. This mechanism integrates static analysis, dynamic analysis, and user evaluation, and analyzes whether an application's declared permissions and API calls meet its functional requirements. The User-Oriented Mechanism, which incorporates behavioural relevancy, compensates for the coarse granularity of static detection and the inefficiency of dynamic monitoring, and provides users with a safety reference for mobile applications. The user's tolerance for the application's behaviour is introduced in the evaluation phase. The experiments show that the detection framework can detect applications quickly and with a low false positive rate. The evaluation model can reflect users' expectations, effectively making up for the limitations of existing detection dimensions.