Android Market Analysis with Activation Patterns

Peter Teufl; Stefan Kraxberger; Clemens Orthacker; Günther Lackner; Michael Gissing; Alexander Marsalek; Johannes Leibetseder; Oliver Prevenhueber

doi:10.1007/978-3-642-30244-2_1

Android Market Analysis with Activation Patterns

Peter Teufl^*, Stefan Kraxberger, Clemens Orthacker, Günther Lackner, Michael Gissing, Alexander Marsalek, Johannes Leibetseder, Oliver Prevenhueber

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference paper

Abstract

The increasing market share of the Android platform is partly caused by a growing number of applications (apps) available on the Android market: by now (January 2011) roughly 200.000. This popularity in combination with the lax market approval process attracts the injection of malicious apps into the market. Android features a fine-grained permission system allowing the user to review the permissions an app requests and grant or deny access to resources prior to installation. In this paper, we extract these security permissions along other metadata of 130.211 apps and apply a new analysis method called Activation Patterns. Thereby, we are able to gain a new understanding of the apps through extracting knowledge about security permissions, their relations and possible anomalies, executing semantic search queries, finding relations between the description and the employed security permissions, or identifying clusters of similar apps. The paper describes the employed method and highlights its benefits in several analysis examples - e.g. screening the market for possible malicious apps that should be further investigated.

Original language	English
Title of host publication	Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers
Pages	1-12
Number of pages	12
DOIs	https://doi.org/10.1007/978-3-642-30244-2_1
Publication status	Published - 9 Jul 2012
Event	3rd ICST Conference on Security and Privacy for Mobile Information and Communication Systems, MobiSec 2011 - Aalborg, Denmark Duration: 17 May 2011 → 19 May 2011

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Volume	94 LNICST
ISSN (Print)	1867-8211

Conference

Conference	3rd ICST Conference on Security and Privacy for Mobile Information and Communication Systems, MobiSec 2011
Country	Denmark
City	Aalborg
Period	17/05/11 → 19/05/11

Keywords

Activation Patterns
Android Malware
Android Market
Anomaly Detection
Machine Learning
Security Permissions
Semantic Search
Unsupervised Clustering

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-642-30244-2_1

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Android Market Analysis with Activation Patterns'. Together they form a unique fingerprint.

Cite this

Teufl, P., Kraxberger, S., Orthacker, C., Lackner, G., Gissing, M., Marsalek, A., Leibetseder, J., & Prevenhueber, O. (2012). Android Market Analysis with Activation Patterns. In Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers (pp. 1-12). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering; Vol. 94 LNICST). https://doi.org/10.1007/978-3-642-30244-2_1

Android Market Analysis with Activation Patterns. / Teufl, Peter; Kraxberger, Stefan; Orthacker, Clemens; Lackner, Günther; Gissing, Michael; Marsalek, Alexander ; Leibetseder, Johannes; Prevenhueber, Oliver.

Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers. 2012. p. 1-12 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering; Vol. 94 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper

Teufl, P, Kraxberger, S, Orthacker, C, Lackner, G, Gissing, M, Marsalek, A , Leibetseder, J & Prevenhueber, O 2012, Android Market Analysis with Activation Patterns. in Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, vol. 94 LNICST, pp. 1-12, 3rd ICST Conference on Security and Privacy for Mobile Information and Communication Systems, MobiSec 2011, Aalborg, Denmark, 17/05/11. https://doi.org/10.1007/978-3-642-30244-2_1

Teufl P, Kraxberger S, Orthacker C, Lackner G, Gissing M, Marsalek A et al. Android Market Analysis with Activation Patterns. In Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers. 2012. p. 1-12. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering). https://doi.org/10.1007/978-3-642-30244-2_1

Teufl, Peter ; Kraxberger, Stefan ; Orthacker, Clemens ; Lackner, Günther ; Gissing, Michael ; Marsalek, Alexander ; Leibetseder, Johannes ; Prevenhueber, Oliver. / Android Market Analysis with Activation Patterns. Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers. 2012. pp. 1-12 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering).

@inproceedings{8b0ad1b59caf4672b56b34a1d0d50685,

title = "Android Market Analysis with Activation Patterns",

abstract = "The increasing market share of the Android platform is partly caused by a growing number of applications (apps) available on the Android market: by now (January 2011) roughly 200.000. This popularity in combination with the lax market approval process attracts the injection of malicious apps into the market. Android features a fine-grained permission system allowing the user to review the permissions an app requests and grant or deny access to resources prior to installation. In this paper, we extract these security permissions along other metadata of 130.211 apps and apply a new analysis method called Activation Patterns. Thereby, we are able to gain a new understanding of the apps through extracting knowledge about security permissions, their relations and possible anomalies, executing semantic search queries, finding relations between the description and the employed security permissions, or identifying clusters of similar apps. The paper describes the employed method and highlights its benefits in several analysis examples - e.g. screening the market for possible malicious apps that should be further investigated.",

keywords = "Activation Patterns, Android Malware, Android Market, Anomaly Detection, Machine Learning, Security Permissions, Semantic Search, Unsupervised Clustering",

author = "Peter Teufl and Stefan Kraxberger and Clemens Orthacker and G{\"u}nther Lackner and Michael Gissing and Alexander Marsalek and Johannes Leibetseder and Oliver Prevenhueber",

year = "2012",

month = jul,

day = "9",

doi = "10.1007/978-3-642-30244-2_1",

language = "English",

isbn = "9783642302435",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering",

pages = "1--12",

booktitle = "Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers",

note = "3rd ICST Conference on Security and Privacy for Mobile Information and Communication Systems, MobiSec 2011 ; Conference date: 17-05-2011 Through 19-05-2011",

}

TY - GEN

T1 - Android Market Analysis with Activation Patterns

AU - Teufl, Peter

AU - Kraxberger, Stefan

AU - Orthacker, Clemens

AU - Lackner, Günther

AU - Gissing, Michael

AU - Marsalek, Alexander

AU - Leibetseder, Johannes

AU - Prevenhueber, Oliver

PY - 2012/7/9

Y1 - 2012/7/9

N2 - The increasing market share of the Android platform is partly caused by a growing number of applications (apps) available on the Android market: by now (January 2011) roughly 200.000. This popularity in combination with the lax market approval process attracts the injection of malicious apps into the market. Android features a fine-grained permission system allowing the user to review the permissions an app requests and grant or deny access to resources prior to installation. In this paper, we extract these security permissions along other metadata of 130.211 apps and apply a new analysis method called Activation Patterns. Thereby, we are able to gain a new understanding of the apps through extracting knowledge about security permissions, their relations and possible anomalies, executing semantic search queries, finding relations between the description and the employed security permissions, or identifying clusters of similar apps. The paper describes the employed method and highlights its benefits in several analysis examples - e.g. screening the market for possible malicious apps that should be further investigated.

AB - The increasing market share of the Android platform is partly caused by a growing number of applications (apps) available on the Android market: by now (January 2011) roughly 200.000. This popularity in combination with the lax market approval process attracts the injection of malicious apps into the market. Android features a fine-grained permission system allowing the user to review the permissions an app requests and grant or deny access to resources prior to installation. In this paper, we extract these security permissions along other metadata of 130.211 apps and apply a new analysis method called Activation Patterns. Thereby, we are able to gain a new understanding of the apps through extracting knowledge about security permissions, their relations and possible anomalies, executing semantic search queries, finding relations between the description and the employed security permissions, or identifying clusters of similar apps. The paper describes the employed method and highlights its benefits in several analysis examples - e.g. screening the market for possible malicious apps that should be further investigated.

KW - Activation Patterns

KW - Android Malware

KW - Android Market

KW - Anomaly Detection

KW - Machine Learning

KW - Security Permissions

KW - Semantic Search

KW - Unsupervised Clustering

UR - http://www.scopus.com/inward/record.url?scp=84869597391&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-30244-2_1

DO - 10.1007/978-3-642-30244-2_1

M3 - Conference paper

AN - SCOPUS:84869597391

SN - 9783642302435

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering

SP - 1

EP - 12

BT - Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers

T2 - 3rd ICST Conference on Security and Privacy for Mobile Information and Communication Systems, MobiSec 2011

Y2 - 17 May 2011 through 19 May 2011

ER -