Cargando…

A Modified FlowDroid Based on Chi-Square Test of Permissions

Android devices are currently widely used in many fields, such as automatic control, embedded systems, the Internet of Things and so on. At the same time, Android applications (apps) always use multiple permissions, and permissions can be abused by malicious apps that disclose users’ privacy or brea...

Descripción completa

Detalles Bibliográficos
Autores principales: Kang, Hongzhaoning, Liu, Gang, Wu, Zhengping, Tian, Yumin, Zhang, Lizhi
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2021
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7912706/
https://www.ncbi.nlm.nih.gov/pubmed/33573210
http://dx.doi.org/10.3390/e23020174
_version_ 1783656637488168960
author Kang, Hongzhaoning
Liu, Gang
Wu, Zhengping
Tian, Yumin
Zhang, Lizhi
author_facet Kang, Hongzhaoning
Liu, Gang
Wu, Zhengping
Tian, Yumin
Zhang, Lizhi
author_sort Kang, Hongzhaoning
collection PubMed
description Android devices are currently widely used in many fields, such as automatic control, embedded systems, the Internet of Things and so on. At the same time, Android applications (apps) always use multiple permissions, and permissions can be abused by malicious apps that disclose users’ privacy or breach the secure storage of information. FlowDroid has been extensively studied as a novel and highly precise static taint analysis for Android applications. Aiming at the problem of complex detection and false alarms in FlowDroid, an improved static detection method based on feature permission and risk rating is proposed. Firstly, the Chi-square test is used to extract correlated permissions related to malicious apps, and mutual information is used to cluster the permissions to generate feature permission clusters. Secondly, risk calculation method based on permissions and combinations of permissions are proposed to identify dangerous data flows. Experiments show that this method can significantly improve detection efficiency while maintaining the accuracy of dangerous data flow detection.
format Online
Article
Text
id pubmed-7912706
institution National Center for Biotechnology Information
language English
publishDate 2021
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-79127062021-02-28 A Modified FlowDroid Based on Chi-Square Test of Permissions Kang, Hongzhaoning Liu, Gang Wu, Zhengping Tian, Yumin Zhang, Lizhi Entropy (Basel) Article Android devices are currently widely used in many fields, such as automatic control, embedded systems, the Internet of Things and so on. At the same time, Android applications (apps) always use multiple permissions, and permissions can be abused by malicious apps that disclose users’ privacy or breach the secure storage of information. FlowDroid has been extensively studied as a novel and highly precise static taint analysis for Android applications. Aiming at the problem of complex detection and false alarms in FlowDroid, an improved static detection method based on feature permission and risk rating is proposed. Firstly, the Chi-square test is used to extract correlated permissions related to malicious apps, and mutual information is used to cluster the permissions to generate feature permission clusters. Secondly, risk calculation method based on permissions and combinations of permissions are proposed to identify dangerous data flows. Experiments show that this method can significantly improve detection efficiency while maintaining the accuracy of dangerous data flow detection. MDPI 2021-01-30 /pmc/articles/PMC7912706/ /pubmed/33573210 http://dx.doi.org/10.3390/e23020174 Text en © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Kang, Hongzhaoning
Liu, Gang
Wu, Zhengping
Tian, Yumin
Zhang, Lizhi
A Modified FlowDroid Based on Chi-Square Test of Permissions
title A Modified FlowDroid Based on Chi-Square Test of Permissions
title_full A Modified FlowDroid Based on Chi-Square Test of Permissions
title_fullStr A Modified FlowDroid Based on Chi-Square Test of Permissions
title_full_unstemmed A Modified FlowDroid Based on Chi-Square Test of Permissions
title_short A Modified FlowDroid Based on Chi-Square Test of Permissions
title_sort modified flowdroid based on chi-square test of permissions
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7912706/
https://www.ncbi.nlm.nih.gov/pubmed/33573210
http://dx.doi.org/10.3390/e23020174
work_keys_str_mv AT kanghongzhaoning amodifiedflowdroidbasedonchisquaretestofpermissions
AT liugang amodifiedflowdroidbasedonchisquaretestofpermissions
AT wuzhengping amodifiedflowdroidbasedonchisquaretestofpermissions
AT tianyumin amodifiedflowdroidbasedonchisquaretestofpermissions
AT zhanglizhi amodifiedflowdroidbasedonchisquaretestofpermissions
AT kanghongzhaoning modifiedflowdroidbasedonchisquaretestofpermissions
AT liugang modifiedflowdroidbasedonchisquaretestofpermissions
AT wuzhengping modifiedflowdroidbasedonchisquaretestofpermissions
AT tianyumin modifiedflowdroidbasedonchisquaretestofpermissions
AT zhanglizhi modifiedflowdroidbasedonchisquaretestofpermissions