SESP '13Pub Date : 2013-05-08DOI: 10.1145/2484417.2484419
Hao Chen
{"title":"Underground economy of android application plagiarism","authors":"Hao Chen","doi":"10.1145/2484417.2484419","DOIUrl":"https://doi.org/10.1145/2484417.2484419","url":null,"abstract":"As Android became the most popular mobile operating system, malicious activities targeting Android and its applications are rising rapidly. While technical approaches may mitigate the attacks with varying effectiveness, understanding the economic incentives of the criminals may shed light on the most effective defense. In this talk, I will focus on application plagiarism on Android markets. First, I will describe the unique characteristics of android applications, the fundamental differences between plagiarism of Android applications and that of non-mobile software, and the relationship between plagiarism and mobile advertising. Next, I will illustrate the challenges in measuring the scale, severity, and impact of Android application plagiarism. To achieve this, we need not only detect plagiarism among the large number of applications on different Android markets but also measure their usage and impact on advertising on a large, live network. I will describe how we correlated plagiarized applications detected through static analysis to their advertising traffic captured on a live network. I will characterize properties of the cloned applications, including their distribution across different markets, application categories, and advertising libraries. To examine how plagiarized applications affect the original developers, I will estimate on the advertising revenue and user base that plagiarized applications have siphoned from the original developers. Finally, I will discuss defenses against application plagiarism.","PeriodicalId":188829,"journal":{"name":"SESP '13","volume":"709 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132982387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SESP '13Pub Date : 2013-05-08DOI: 10.1145/2484417.2484421
Takeshi Takahashi, K. Emura, Akira Kanaoka, Shin'ichiro Matsuo, T. Minowa
{"title":"Risk visualization and alerting system: architecture and proof-of-concept implementation","authors":"Takeshi Takahashi, K. Emura, Akira Kanaoka, Shin'ichiro Matsuo, T. Minowa","doi":"10.1145/2484417.2484421","DOIUrl":"https://doi.org/10.1145/2484417.2484421","url":null,"abstract":"The number of computer security incidents is rising in unison with the development of cyber-society. One reason for this is a lack of users' security awareness. The widespread use of mobile devices further complicates this problem. An approach for raising the awareness level is introducing a system that visualizes and issues alerts of security risks end-users. This paper introduces the architecture of such a system. It analyzes information by monitoring the user's end-to-end communication and its related entities, looks up knowledge bases, and provides alerts by directly visualizing risks to the user. One characteristic of this system is its ability to enable customized visualization for each user, which boosts the user's risk awareness and understanding. This paper also introduces the system's proof-of-concept implementation, which demonstrates the architecture's feasibility. Based on the prototype, the paper discusses the direction of further technical development.","PeriodicalId":188829,"journal":{"name":"SESP '13","volume":"97 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123074989","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SESP '13Pub Date : 2013-05-08DOI: 10.1145/2484417.2484422
Weiliang Luo, Shouhuai Xu, Xuxian Jiang
{"title":"Real-time detection and prevention of android SMS permission abuses","authors":"Weiliang Luo, Shouhuai Xu, Xuxian Jiang","doi":"10.1145/2484417.2484422","DOIUrl":"https://doi.org/10.1145/2484417.2484422","url":null,"abstract":"The Android permission system informs users about the privileges demanded by applications (apps), and in principle allows users to assess potential risks of apps. Unfortunately, recent studies showed that the installation-time permission verification procedure is often ignored, due to users' lack of attention or insufficient understanding of the privileges or the Android permission system. As a consequence, malicious apps are likely granted with security- and privacy-critical permissions, and launch various kinds of attacks without being noticed by the users. In this paper, we present the design, analysis, and implementation of DroidPAD, a novel solution that aims to leverage system-wide state information to detect and block in real-time possible abuses of Android permissions. Especially, with a focus on SMS-related permissions, we have implemented a proof-of-concept prototype. Our evaluation based on 48 representative benign and malicious apps shows that DroidPAD successfully detected SMS permissions-abusing activities with low false-positive rates, and zero false-negative rates.","PeriodicalId":188829,"journal":{"name":"SESP '13","volume":"934 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127023277","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SESP '13Pub Date : 2013-05-08DOI: 10.1145/2484417.2484423
Xinyi Zhang, Weili Han, Zheran Fang, Yuliang Yin, H. Mustafa
{"title":"Role mining algorithm evaluation and improvement in large volume android applications","authors":"Xinyi Zhang, Weili Han, Zheran Fang, Yuliang Yin, H. Mustafa","doi":"10.1145/2484417.2484423","DOIUrl":"https://doi.org/10.1145/2484417.2484423","url":null,"abstract":"Role mining is a very useful engineering method to help administrators set up the mechanism of role based access control for information systems, but not applied in the Android security framework so far. This paper uses large volume Android applications from the Android Market (Google Play Store now), which include 44,971 applications (subjects), 125 permissions, and 222,734 application-permission assignments (application, permission), to evaluate the effectiveness of five popular role mining algorithms: HM, HPr, HPe, GO, and ORCA. Furthermore, according to the features of Android applications, we propose Mine-Tag, an algorithm that generates tags based on the descriptions of Android applications. These tags can be attached to each mined role to help administrators manage the roles. We set up experiments, evaluate algorithms, and discuss the insights of mining methods in Android applications.","PeriodicalId":188829,"journal":{"name":"SESP '13","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131102263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
