Computer Science ›› 2023, Vol. 50 ›› Issue (10): 327-335. doi: 10.11896/jsjkx.220800181

• Information Security •

Android Application Privacy Disclosure Detection Method Based on Static and Dynamic Combination

DING Xuhui1, ZHANG Linlin2, ZHAO Kai1, WANG Xusheng1   

  1. College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China
  2. College of Software, Xinjiang University, Urumqi 830046, China
  • Received: 2022-08-18; Revised: 2023-06-25; Online: 2023-10-10; Published: 2023-10-10
  • About author: DING Xuhui, born in 1995, postgraduate. His main research interests include information security, privacy protection and privacy leakage detection. ZHANG Linlin, born in 1974, Ph.D, professor. Her main research interests include mobile application security, malware detection, privacy protection, etc.
  • Supported by:
    Natural Science Foundation of Xinjiang Uygur Autonomous Region, China (2022D01C429, 2022D01C427), National Natural Science Foundation of China (12061071) and Key R&D Program of Xinjiang Uygur Autonomous Region (2022B03023).

Abstract: In the era of big data, the theft of users' personal information by Android software is becoming increasingly serious. To address the high false positive rate of static analysis and the missed detections of dynamic analysis, a privacy disclosure detection method based on the combination of static and dynamic features is proposed. The multi-dimensional static features and dynamic features extracted from the application are fused, the gradient descent algorithm is used to allocate optimal weights to SVM, RF, XGBoost, LightGBM and CatBoost, and the risk of privacy disclosure is detected by ensemble-learning weighted voting. In an experimental analysis of 2 951 applications, the accuracy of this method reaches 95.14%, which is clearly better than a single feature or a single classifier, and the method can effectively detect the privacy disclosure risk of Android applications.

Key words: Android, Privacy disclosure, Static analysis, Dynamic analysis, Ensemble learning

CLC Number: TP309