一种基于权限模型的Android应用安全评估方法

2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems Pub Date : 2012-10-01 DOI:10.1109/CCIS.2012.6664265

Danyang Jiang, Xiangling Fu, Maoqiang Song, Yidong Cui

{"title":"一种基于权限模型的Android应用安全评估方法","authors":"Danyang Jiang, Xiangling Fu, Maoqiang Song, Yidong Cui","doi":"10.1109/CCIS.2012.6664265","DOIUrl":null,"url":null,"abstract":"Permission-based security model of Android restricts applications to access specific resources, but malicious applications can invade more easily in such user-centric pattern. Through the analysis of the Android Permission-based security model and the permission features of Android applications, we establish the permission model to quantify the functional characteristics of the application, and then provide an assessment method in which we use the network visualization techniques and clustering algorithm to determine whether the testing application is potentially malicious application or not so as to help users choose applications before installation. We test the assessment method on 873 applications available online and do the statistic and analysis of the results to find that this method can do efforts in finding potentially malicious applications.","PeriodicalId":392558,"journal":{"name":"2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems","volume":"118 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"A security assessment method for Android applications based on permission model\",\"authors\":\"Danyang Jiang, Xiangling Fu, Maoqiang Song, Yidong Cui\",\"doi\":\"10.1109/CCIS.2012.6664265\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Permission-based security model of Android restricts applications to access specific resources, but malicious applications can invade more easily in such user-centric pattern. Through the analysis of the Android Permission-based security model and the permission features of Android applications, we establish the permission model to quantify the functional characteristics of the application, and then provide an assessment method in which we use the network visualization techniques and clustering algorithm to determine whether the testing application is potentially malicious application or not so as to help users choose applications before installation. We test the assessment method on 873 applications available online and do the statistic and analysis of the results to find that this method can do efforts in finding potentially malicious applications.\",\"PeriodicalId\":392558,\"journal\":{\"name\":\"2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems\",\"volume\":\"118 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCIS.2012.6664265\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCIS.2012.6664265","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

Android基于权限的安全模式限制了应用程序对特定资源的访问，但在这种以用户为中心的模式下，恶意应用程序更容易入侵。通过分析基于Android permission的安全模型和Android应用的权限特征，建立权限模型，量化应用的功能特征，并给出一种评估方法，利用网络可视化技术和聚类算法来判断测试应用是否存在潜在的恶意应用，从而帮助用户在安装前选择应用。我们对873个在线应用程序进行了测试，并对结果进行了统计和分析，发现该方法可以有效地发现潜在的恶意应用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A security assessment method for Android applications based on permission model

Permission-based security model of Android restricts applications to access specific resources, but malicious applications can invade more easily in such user-centric pattern. Through the analysis of the Android Permission-based security model and the permission features of Android applications, we establish the permission model to quantify the functional characteristics of the application, and then provide an assessment method in which we use the network visualization techniques and clustering algorithm to determine whether the testing application is potentially malicious application or not so as to help users choose applications before installation. We test the assessment method on 873 applications available online and do the statistic and analysis of the results to find that this method can do efforts in finding potentially malicious applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems

自引率

0.00%

发文量