将Android代码气味整合到Java静态代码度量中用于Android应用程序的安全风险预测

2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2020-12-01 DOI:10.1109/QRS51102.2020.00017

Ai Gong, Yi Zhong, W. Zou, Yangyang Shi, Chunrong Fang

{"title":"将Android代码气味整合到Java静态代码度量中用于Android应用程序的安全风险预测","authors":"Ai Gong, Yi Zhong, W. Zou, Yangyang Shi, Chunrong Fang","doi":"10.1109/QRS51102.2020.00017","DOIUrl":null,"url":null,"abstract":"With the wide-spread use of Android applications in people’s daily life, it becomes more and more important to timely identify the security problems of these applications. To enrich existing studies in guarding the security and privacy of Android applications, we attempted to predict the security risk levels of Android applications. Specifically, we proposed an approach that incorporated Android code smells into traditional Java code metrics to predict how secure an Android application is. With an evaluation of our technique on 3,680 Android applications, we found that: (1) Android code smells could help improve the performance of security risk prediction of Android applications; (2) By building a Random Forest model based on Android code smells and Java code metrics, we could achieve an Area Under Curve (AUC) of 0.97; (3) Android code smells such as member ignoring method (MIM) and leaking inner class (LIC) have a relatively-large influence on Android security risk prediction, to which developers should pay more attention during their application development.","PeriodicalId":301814,"journal":{"name":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Incorporating Android Code Smells into Java Static Code Metrics for Security Risk Prediction of Android Applications\",\"authors\":\"Ai Gong, Yi Zhong, W. Zou, Yangyang Shi, Chunrong Fang\",\"doi\":\"10.1109/QRS51102.2020.00017\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the wide-spread use of Android applications in people’s daily life, it becomes more and more important to timely identify the security problems of these applications. To enrich existing studies in guarding the security and privacy of Android applications, we attempted to predict the security risk levels of Android applications. Specifically, we proposed an approach that incorporated Android code smells into traditional Java code metrics to predict how secure an Android application is. With an evaluation of our technique on 3,680 Android applications, we found that: (1) Android code smells could help improve the performance of security risk prediction of Android applications; (2) By building a Random Forest model based on Android code smells and Java code metrics, we could achieve an Area Under Curve (AUC) of 0.97; (3) Android code smells such as member ignoring method (MIM) and leaking inner class (LIC) have a relatively-large influence on Android security risk prediction, to which developers should pay more attention during their application development.\",\"PeriodicalId\":301814,\"journal\":{\"name\":\"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS51102.2020.00017\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS51102.2020.00017","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

随着Android应用在人们日常生活中的广泛使用，及时识别这些应用的安全问题变得越来越重要。为了丰富现有Android应用安全与隐私保护方面的研究，我们尝试对Android应用的安全风险级别进行预测。具体来说，我们提出了一种方法，将Android代码气味整合到传统的Java代码度量中，以预测Android应用程序的安全性。通过对3680个Android应用程序的评估，我们发现:(1)Android代码气味可以帮助提高Android应用程序的安全风险预测性能;(2)通过构建基于Android代码气味和Java代码指标的随机森林模型，我们可以实现0.97的曲线下面积(Area Under Curve, AUC);(3)成员忽略方法(member ignoring method, MIM)和泄漏内部类(leak inner class, LIC)等Android代码气味对Android安全风险预测影响较大，开发者在应用开发过程中应多加注意。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Incorporating Android Code Smells into Java Static Code Metrics for Security Risk Prediction of Android Applications

With the wide-spread use of Android applications in people’s daily life, it becomes more and more important to timely identify the security problems of these applications. To enrich existing studies in guarding the security and privacy of Android applications, we attempted to predict the security risk levels of Android applications. Specifically, we proposed an approach that incorporated Android code smells into traditional Java code metrics to predict how secure an Android application is. With an evaluation of our technique on 3,680 Android applications, we found that: (1) Android code smells could help improve the performance of security risk prediction of Android applications; (2) By building a Random Forest model based on Android code smells and Java code metrics, we could achieve an Area Under Curve (AUC) of 0.97; (3) Android code smells such as member ignoring method (MIM) and leaking inner class (LIC) have a relatively-large influence on Android security risk prediction, to which developers should pay more attention during their application development.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)

自引率

0.00%

发文量