Research On Security Detection And Risk Assessment For Android Application

The development and popularity of mobile devices have brought many personalized services for end users.Nowadays,a variety of mobile devices have been used all the time,and a variety of mobile applications(apps)have changed the daily lives of users.For example,users can enjoy takeaway service without leaving their home,buy goods without taking cash,share interesting moments with friends every time.In the context of global informationization,users can access any services and information anytime and anywhere.With the help of these personalized services,the development of mobile devices are entering into the high-speed channel.However,the development of mobile devices also causes the attention of criminals,and mobile devices have becoming the most valuable target for attackers.Specifically,among all the attack surfaces of mobile device,Android application is the most impor-tant and serious one.During the widely used of Android applications,a lot of security problems have been exposured,such as malware,data leakage,and payment security.In this paper,we mainly focus on the malware detection and privacy risk assessment.By analyzing the security problem of Android applications,we have proposed several detection and protection solutions,and hope these solutions can help farther research.Firstly,according to the behavior characteristics of Android ransomware,we have proposed a ransomware detection system based on evidence chain generation,called RansomGuard.To satisfy the requirement of light-weight,RansomGuard utilizes in-ductive learning with modular classification rules to identify ransomware sample.Specif-ically,we have managed to collect 2721 ransomware samples,and extracted six features of them,including lock screen,encrypt file,permission,threaten text,payment,and network communication.To help general users understand the detection result,we also design an evidence chain generation method by utilizing the Nature Language Genera-tion technique.The generated evidence can describe all the security-related information we have collected,and give the reason why RansomGuard alerts it as a ransomware-like application.Secondly,according to the specific characteristics of encryption ransomware,we have proposed a novel real-time detection system,called RansomProber.The basic intuition is that benign app will remind the user before performing sensitive behaviors,while ransomware must hide itself by running in the background or displaying fraud-ulent interfaces.This motivates our work on the automatic user-intent analysis of file encrypting.Specifically,we have extracted three UI indicators,including File List,Hint Text and Button.By analyzing the UI widgets of related activities and the coor-dinates of user's finger movements,RansomProber can infer whether the file encryption operations are initiated by users.Thirdly,for the privacy leakage problem of benign apps and malicious apps,we have proposed a semantics-aware privacy risk assessment framework,called SPRisk.SPRisk considers the sensitivity discrepancy of privacy-related factors at semantic level,includ-ing Source,Sink,UI_Invoke,State_Change,Permission,and Third_Party Library.SPRisk can provide qualitative and quantitative assessment results,which shows the privacy risk in the format of risk level and risk score.For an app,the risk level presents a coarse-grained division,and the risk score indicates how risky the app is in a fine-grained view.Furthermore,to find the reasonable weight distribution of each factor automatically,we exploit a self-learning weight assignment method,which is based on fuzzy clustering and knowledge dependency theory.