| Whether the behavior of mobile app is malicious is related to the user's expectation of the app.For example,a map navigation app is reasonable to obtain user location information,but an app that claims just to have calculator functionality gets location information that may be rejected by users.Related work proposed to detect malicious apps by detecting inconsistencies between app descriptions and app behavior.However,third-party libraries are widely used in Android apps.Recent study showed that more than 60%of the code belongs to third-party libraries in Android apps on average,which will greatly impact the detection of abnormal behavior.Therefore,based on Natural Language Processing,machine learning and third-party libraries identification techniques,this article has implemented an improved abnormal behavior detection tool by analyzing the description for Android apps.First,this research analyzes the app description using Natural Language Processing technique,and use K-means++ algorithm and genetic algorithm to cluster apps based on app description and find the optimal number of clusters,then we could obtain the app set of similar description(function).Then,the static analysis is applied to detect the third party libraries and analyze the sensitive behavior of the app.Finally,in a collection of similar description android apps,the apps with abnormal behavior are detected as outlier apps.This paper analyzes more than 276K apps in the Google Play app market,and the experimental results show that the proposed method is effective to detect outlier apps,and the third-party libraries have a great impact on the abnormal behavior detection of Android apps. |
PDF Full Text Request