Abstract
The increasing market share of the Android platform is partly caused by a growing number of applications (apps) available on the Android market: by now (January 2011) roughly 200.000. This popularity in combination with the lax market approval process attracts the injection of malicious apps into the market. Android features a fine-grained permission system allowing the user to review the permissions an app requests and grant or deny access to resources prior to installation. In this paper, we extract these security permissions along other metadata of 130.211 apps and apply a new analysis method called Activation Patterns. Thereby, we are able to gain a new understanding of the apps through extracting knowledge about security permissions, their relations and possible anomalies, executing semantic search queries, finding relations between the description and the employed security permissions, or identifying clusters of similar apps. The paper describes the employed method and highlights its benefits in several analysis examples - e.g. screening the market for possible malicious apps that should be further investigated.
Original language | English |
---|---|
Title of host publication | Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers |
Pages | 1-12 |
Number of pages | 12 |
DOIs | |
Publication status | Published - 9 Jul 2012 |
Event | 3rd ICST Conference on Security and Privacy for Mobile Information and Communication Systems, MobiSec 2011 - Aalborg, Denmark Duration: 17 May 2011 → 19 May 2011 |
Publication series
Name | Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering |
---|---|
Volume | 94 LNICST |
ISSN (Print) | 1867-8211 |
Conference
Conference | 3rd ICST Conference on Security and Privacy for Mobile Information and Communication Systems, MobiSec 2011 |
---|---|
Country | Denmark |
City | Aalborg |
Period | 17/05/11 → 19/05/11 |
Fingerprint
Keywords
- Activation Patterns
- Android Malware
- Android Market
- Anomaly Detection
- Machine Learning
- Security Permissions
- Semantic Search
- Unsupervised Clustering
ASJC Scopus subject areas
- Computer Networks and Communications
Cite this
Android Market Analysis with Activation Patterns. / Teufl, Peter; Kraxberger, Stefan; Orthacker, Clemens; Lackner, Günther; Gissing, Michael; Marsalek, Alexander; Leibetseder, Johannes; Prevenhueber, Oliver.
Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers. 2012. p. 1-12 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering; Vol. 94 LNICST).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review
}
TY - GEN
T1 - Android Market Analysis with Activation Patterns
AU - Teufl, Peter
AU - Kraxberger, Stefan
AU - Orthacker, Clemens
AU - Lackner, Günther
AU - Gissing, Michael
AU - Marsalek, Alexander
AU - Leibetseder, Johannes
AU - Prevenhueber, Oliver
PY - 2012/7/9
Y1 - 2012/7/9
N2 - The increasing market share of the Android platform is partly caused by a growing number of applications (apps) available on the Android market: by now (January 2011) roughly 200.000. This popularity in combination with the lax market approval process attracts the injection of malicious apps into the market. Android features a fine-grained permission system allowing the user to review the permissions an app requests and grant or deny access to resources prior to installation. In this paper, we extract these security permissions along other metadata of 130.211 apps and apply a new analysis method called Activation Patterns. Thereby, we are able to gain a new understanding of the apps through extracting knowledge about security permissions, their relations and possible anomalies, executing semantic search queries, finding relations between the description and the employed security permissions, or identifying clusters of similar apps. The paper describes the employed method and highlights its benefits in several analysis examples - e.g. screening the market for possible malicious apps that should be further investigated.
AB - The increasing market share of the Android platform is partly caused by a growing number of applications (apps) available on the Android market: by now (January 2011) roughly 200.000. This popularity in combination with the lax market approval process attracts the injection of malicious apps into the market. Android features a fine-grained permission system allowing the user to review the permissions an app requests and grant or deny access to resources prior to installation. In this paper, we extract these security permissions along other metadata of 130.211 apps and apply a new analysis method called Activation Patterns. Thereby, we are able to gain a new understanding of the apps through extracting knowledge about security permissions, their relations and possible anomalies, executing semantic search queries, finding relations between the description and the employed security permissions, or identifying clusters of similar apps. The paper describes the employed method and highlights its benefits in several analysis examples - e.g. screening the market for possible malicious apps that should be further investigated.
KW - Activation Patterns
KW - Android Malware
KW - Android Market
KW - Anomaly Detection
KW - Machine Learning
KW - Security Permissions
KW - Semantic Search
KW - Unsupervised Clustering
UR - http://www.scopus.com/inward/record.url?scp=84869597391&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-30244-2_1
DO - 10.1007/978-3-642-30244-2_1
M3 - Conference contribution
SN - 9783642302435
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
SP - 1
EP - 12
BT - Security and Privacy in Mobile Information and Communication Systems - Third International ICST Conference, MobiSec 2011, Revised Selected Papers
ER -