Abstract

Most existing app vetting mechanisms estimate risks only at a coarse-grained level, analyzing apps' syntax but not their semantics. We propose a semantics-aware privacy risk assessment framework (SPRisk), which considers the sensitivity discrepancy of privacy-related factors at the semantic level. Our framework provides both qualitative (i.e., risk level) and quantitative (i.e., risk score) assessment results, which help users decide whether to install an app. Furthermore, to find a reasonable weight distribution for each factor automatically, we exploit a self-learning weight assignment method based on fuzzy clustering and knowledge dependency theory. We implement a prototype system and evaluate the effectiveness of SPRisk with 192,445 normal apps and 7,111 malicious apps. A measurement study further reveals some interesting findings, such as the privacy risk distribution of the Google Play Store and the diversity of official and unofficial marketplaces, which provide insights into the seriousness of the privacy threat in the Android ecosystem.

Original language: English (US)
Journal: IEEE Transactions on Dependable and Secure Computing
DOI: 10.1109/TDSC.2018.2871682
State: Accepted/In press - Jan 1 2018

Fingerprint

Application programs
Risk assessment
Semantics
Fuzzy clustering
Ecosystems

Keywords

  • Android
  • Androids
  • Data privacy
  • Humanoid robots
  • Privacy
  • Privacy Risk Assessment
  • Risk management
  • Self-learning Weight Assignment
  • Semantics
  • Semantics-aware
  • Sensitivity

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps. / Chen, Jing; Wang, Chiheng; He, Kun; Zhao, Ziming; Chen, Min; Du, Ruiying; Ahn, Gail-Joon.

In: IEEE Transactions on Dependable and Secure Computing, 01.01.2018.

Research output: Contribution to journal › Article

@article{680d0dcb9c1047118bb2ea7238db316b,
title = "Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps",
abstract = "Most of the existing app vetting mechanisms only estimate risks at a coarse-grained level by analyzing apps syntax but not semantics. We propose a semantics-aware privacy risk assessment framework (SPRisk), which considers the sensitivity discrepancy of privacy-related factors at semantic level. Our framework can provide qualitative (i.e., risk level) and quantitative (i.e., risk score) assessment results, both of which help users make decisions to install an app or not. Furthermore, to find the reasonable weight distribution of each factor automatically, we exploit a self-learning weight assignment method, which is based on fuzzy clustering and knowledge dependency theory. We implement a prototype system and evaluate the effectiveness of SPRisk with 192,445 normal apps and 7,111 malicious apps. A measurement study further reveals some interesting findings, such as the privacy risk distribution of Google Play Store, the diversity of official and unofficial marketplaces, which provide insights into understanding the seriousness of privacy threat in the Android ecosystem.",
keywords = "Android, Androids, Data privacy, Humanoid robots, Privacy, Privacy Risk Assessment, Risk management, Self-learning Weight Assignment, Semantics, Semantics-aware, Sensitivity",
author = "Jing Chen and Chiheng Wang and Kun He and Ziming Zhao and Min Chen and Ruiying Du and Gail-Joon Ahn",
year = "2018",
month = "1",
day = "1",
doi = "10.1109/TDSC.2018.2871682",
language = "English (US)",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
}

TY - JOUR
T1 - Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps
AU - Chen, Jing
AU - Wang, Chiheng
AU - He, Kun
AU - Zhao, Ziming
AU - Chen, Min
AU - Du, Ruiying
AU - Ahn, Gail-Joon
PY - 2018/1/1
Y1 - 2018/1/1

N2 - Most of the existing app vetting mechanisms only estimate risks at a coarse-grained level by analyzing apps syntax but not semantics. We propose a semantics-aware privacy risk assessment framework (SPRisk), which considers the sensitivity discrepancy of privacy-related factors at semantic level. Our framework can provide qualitative (i.e., risk level) and quantitative (i.e., risk score) assessment results, both of which help users make decisions to install an app or not. Furthermore, to find the reasonable weight distribution of each factor automatically, we exploit a self-learning weight assignment method, which is based on fuzzy clustering and knowledge dependency theory. We implement a prototype system and evaluate the effectiveness of SPRisk with 192,445 normal apps and 7,111 malicious apps. A measurement study further reveals some interesting findings, such as the privacy risk distribution of Google Play Store, the diversity of official and unofficial marketplaces, which provide insights into understanding the seriousness of privacy threat in the Android ecosystem.

AB - Most of the existing app vetting mechanisms only estimate risks at a coarse-grained level by analyzing apps syntax but not semantics. We propose a semantics-aware privacy risk assessment framework (SPRisk), which considers the sensitivity discrepancy of privacy-related factors at semantic level. Our framework can provide qualitative (i.e., risk level) and quantitative (i.e., risk score) assessment results, both of which help users make decisions to install an app or not. Furthermore, to find the reasonable weight distribution of each factor automatically, we exploit a self-learning weight assignment method, which is based on fuzzy clustering and knowledge dependency theory. We implement a prototype system and evaluate the effectiveness of SPRisk with 192,445 normal apps and 7,111 malicious apps. A measurement study further reveals some interesting findings, such as the privacy risk distribution of Google Play Store, the diversity of official and unofficial marketplaces, which provide insights into understanding the seriousness of privacy threat in the Android ecosystem.

KW - Android
KW - Androids
KW - Data privacy
KW - Humanoid robots
KW - Privacy
KW - Privacy Risk Assessment
KW - Risk management
KW - Self-learning Weight Assignment
KW - Semantics
KW - Semantics-aware
KW - Sensitivity
UR - http://www.scopus.com/inward/record.url?scp=85054372886&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85054372886&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2018.2871682
DO - 10.1109/TDSC.2018.2871682
M3 - Article
AN - SCOPUS:85054372886
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
SN - 1545-5971
ER -