Risk assessment of mobile applications based on machine learned malware dataset

Hyunki Kim; Taejoo Cho; Gail-Joon Ahn; Jeong Hyun Yi

doi:10.1007/s11042-017-4756-0

Risk assessment of mobile applications based on machine learned malware dataset

Hyunki Kim, Taejoo Cho, Gail-Joon Ahn, Jeong Hyun Yi

Research output: Contribution to journal › Article › peer-review

19 Scopus citations

Abstract

With the expected development of the Internet of Things, in which all devices will be connected, mobile devices will play a greater role in providing personalized services and will store larger amounts of personal information. However, the number of malicious applications is also increasing, with the aim being to steal user personal information. Furthermore, given the open-market policies of Android and the distribution structure of the Google Play store, any application developer can readily distribute such applications. On the other hand, end users cannot easily determine whether an application is malicious or not. Therefore, we propose an Android application package (APK) Vulnerability Identification System (AVIS) that can identify malicious applications in advance using the Naïve Bayes classification scheme. To achieve this goal, AVIS builds a dataset by downloading sample applications and extracting their framework methods. To verify the accuracy of AVIS, we analyze sample applications. The APK vulnerability score determined by AVIS is expected to be used as a core metric for quantitatively evaluating the vulnerability of mobile applications.

Original language	English (US)
Pages (from-to)	5027-5042
Number of pages	16
Journal	Multimedia Tools and Applications
Volume	77
Issue number	4
DOIs	https://doi.org/10.1007/s11042-017-4756-0
State	Published - Feb 1 2018

Keywords

Machine learning
Malware analysis
Mobile security

ASJC Scopus subject areas

Software
Media Technology
Hardware and Architecture
Computer Networks and Communications

Access to Document

10.1007/s11042-017-4756-0

Cite this

@article{b277846e461d4fc1ab309b7ca0d68cf9,

title = "Risk assessment of mobile applications based on machine learned malware dataset",

abstract = "With the expected development of the Internet of Things, in which all devices will be connected, mobile devices will play a greater role in providing personalized services and will store larger amounts of personal information. However, the number of malicious applications is also increasing, with the aim being to steal user personal information. Furthermore, given the open-market policies of Android and the distribution structure of the Google Play store, any application developer can readily distribute such applications. On the other hand, end users cannot easily determine whether an application is malicious or not. Therefore, we propose an Android application package (APK) Vulnerability Identification System (AVIS) that can identify malicious applications in advance using the Na{\"i}ve Bayes classification scheme. To achieve this goal, AVIS builds a dataset by downloading sample applications and extracting their framework methods. To verify the accuracy of AVIS, we analyze sample applications. The APK vulnerability score determined by AVIS is expected to be used as a core metric for quantitatively evaluating the vulnerability of mobile applications.",

keywords = "Machine learning, Malware analysis, Mobile security",

author = "Hyunki Kim and Taejoo Cho and Gail-Joon Ahn and {Hyun Yi}, Jeong",

note = "Funding Information: Acknowledgements This research was supported in part by the Global Research Laboratory (GRL) program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, and Future Planning (NRF-2014K1A1A2043029), and in part by Next-Generation Information Computing Development Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2014M3C4A7030649). Publisher Copyright: {\textcopyright} 2017, Springer Science+Business Media New York.",

year = "2018",

month = feb,

day = "1",

doi = "10.1007/s11042-017-4756-0",

language = "English (US)",

volume = "77",

pages = "5027--5042",

journal = "Multimedia Tools and Applications",

issn = "1380-7501",

publisher = "Springer Netherlands",

number = "4",

}

TY - JOUR

T1 - Risk assessment of mobile applications based on machine learned malware dataset

AU - Kim, Hyunki

AU - Cho, Taejoo

AU - Ahn, Gail-Joon

AU - Hyun Yi, Jeong

N1 - Funding Information: Acknowledgements This research was supported in part by the Global Research Laboratory (GRL) program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, and Future Planning (NRF-2014K1A1A2043029), and in part by Next-Generation Information Computing Development Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2014M3C4A7030649). Publisher Copyright: © 2017, Springer Science+Business Media New York.

PY - 2018/2/1

Y1 - 2018/2/1

N2 - With the expected development of the Internet of Things, in which all devices will be connected, mobile devices will play a greater role in providing personalized services and will store larger amounts of personal information. However, the number of malicious applications is also increasing, with the aim being to steal user personal information. Furthermore, given the open-market policies of Android and the distribution structure of the Google Play store, any application developer can readily distribute such applications. On the other hand, end users cannot easily determine whether an application is malicious or not. Therefore, we propose an Android application package (APK) Vulnerability Identification System (AVIS) that can identify malicious applications in advance using the Naïve Bayes classification scheme. To achieve this goal, AVIS builds a dataset by downloading sample applications and extracting their framework methods. To verify the accuracy of AVIS, we analyze sample applications. The APK vulnerability score determined by AVIS is expected to be used as a core metric for quantitatively evaluating the vulnerability of mobile applications.

AB - With the expected development of the Internet of Things, in which all devices will be connected, mobile devices will play a greater role in providing personalized services and will store larger amounts of personal information. However, the number of malicious applications is also increasing, with the aim being to steal user personal information. Furthermore, given the open-market policies of Android and the distribution structure of the Google Play store, any application developer can readily distribute such applications. On the other hand, end users cannot easily determine whether an application is malicious or not. Therefore, we propose an Android application package (APK) Vulnerability Identification System (AVIS) that can identify malicious applications in advance using the Naïve Bayes classification scheme. To achieve this goal, AVIS builds a dataset by downloading sample applications and extracting their framework methods. To verify the accuracy of AVIS, we analyze sample applications. The APK vulnerability score determined by AVIS is expected to be used as a core metric for quantitatively evaluating the vulnerability of mobile applications.

KW - Machine learning

KW - Malware analysis

KW - Mobile security

UR - http://www.scopus.com/inward/record.url?scp=85018771743&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85018771743&partnerID=8YFLogxK

U2 - 10.1007/s11042-017-4756-0

DO - 10.1007/s11042-017-4756-0

M3 - Article

AN - SCOPUS:85018771743

SN - 1380-7501

VL - 77

SP - 5027

EP - 5042

JO - Multimedia Tools and Applications

JF - Multimedia Tools and Applications

IS - 4

ER -

Risk assessment of mobile applications based on machine learned malware dataset

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this