One of Android’s main
defense mechanisms against malicious apps is a risk communication mechanism
which, before a user installs an app, warns the user about the permissions the
app requires, trusting that the user will make the right decision. This
approach has been shown to be ineffective as it presents the risk information
of each app in a “stand-alone” fashion and in a way that requires too much
technical knowledge and time to distill useful information. We discuss the
desired properties of risk signals and relative risk scores for Android apps in
order to generate another metric that users can utilize when choosing apps. We
present a wide range of techniques to generate both risk signals and risk
scores that are based on heuristics as well as principled machine learning
techniques. Experimental results conducted using real-world datasets show that
these methods can effectively identify malware as very risky, are simple to
understand, and easy to use
No comments:
Post a Comment