| In order to protect Android mobile device,Google has developed the permission system to implement security mechanism.However,permission false request and over-privilege result in mismatching between functionary and permission,bring potential risk to users.To solve the problem,this paper uses a large number of real Apps on Google Play,analyzes the relationship between function and permission,and proposes a risk evaluation method for Android application(App).This method combines Latent Dirichlet Allocation and collaborative filtering,uses a two-phase skewness-based filtering strategy to create the relationship between App's functionality and permission,build the mapping model and recommend reasonable permission configuration for the given App.Furthermore,based on the difference between the malicious Apps and popular Apps,we design risk evaluation model to detect the high risk permissions and evaluate the risk for the given App.The experiments based on 23000 Apps from Google Play shows that comparing with the state-of-the-art,our approach can effectively remove the abnormal applications and permissions,identify risk permissions.In summary,this paper presents a risk evaluation method based on the relationship between function and permission.It can be used to improve code specification for Android developer.Also,when a user is installing an App,it can recommend reasonable permission configuration in real time and reduce the risk of over-privilege. |
PDF Full Text Request