TY - JOUR
T1 - Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps
AU - Chen, Jing
AU - Wang, Chiheng
AU - He, Kun
AU - Zhao, Ziming
AU - Chen, Min
AU - Du, Ruiying
AU - Ahn, Gail-Joon
N1 - Publisher Copyright: © 2020 IEEE.
PY - 2021/1/1
Y1 - 2021/1/1
N2 - Most of the existing mobile application (app) vetting mechanisms only estimate risks at a coarse-grained level by analyzing app syntax but not semantics. We propose a semantics-aware privacy risk assessment framework (SPRisk), which considers the sensitivity discrepancy of privacy-related factors at semantic level. Our framework can provide qualitative (i.e., risk level) and quantitative (i.e., risk score) assessment results, both of which help users make decisions to install an app or not. Furthermore, to find the reasonable weight distribution of each factor automatically, we exploit a self-learning weight assignment method, which is based on fuzzy clustering and knowledge dependency theory. We implement a prototype system and evaluate the effectiveness of SPRisk with 192,445 normal apps and 7,111 malicious apps. A measurement study further reveals some interesting findings, such as the privacy risk distribution of Google Play Store, the diversity of official and unofficial marketplaces, which provide insights into understanding the seriousness of privacy threat in the Android ecosystem.
KW - Android
KW - privacy risk assessment
KW - self-learning weight assignment
KW - semantics-aware
UR - http://www.scopus.com/inward/record.url?scp=85054372886&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85054372886&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2018.2871682
DO - 10.1109/TDSC.2018.2871682
M3 - Article
AN - SCOPUS:85054372886
SN - 1545-5971
VL - 18
SP - 15
EP - 29
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 1
M1 - 8470120
ER -