Avaliação e Recomendação de Aplicativos para Dispositivos Móveis com Foco em Segurança e Privacidade
Resumo
O crescimento no número de dispositivos móveis e a diversidade de interesse de desenvolvedores maliciosos. Como apps despertaram o consequência, usuários têm receio de instalar apps por causa dos riscos associados a segurança e privacidade. Atualmente, sistemas de recomendação vêm sendo utilizados para a escolha de apps. No entanto, a maioria das abordagens não avalia segurança e quando o faz leva em consideração apenas as permissões das apps. Nesse contexto, este trabalho apresenta um sistema que avalia as apps e sugere apenas aplicativos seguros para serem instalados, aumentando a confiabilidade das apps baixadas. Experimentos preliminares mostram resultados satisfatórios em comparação com trabalhos da literatura.Referências
Akhuseyinoglu, Nuray Baltaci, and Kamil Akhuseyinoglu. 2016. “AntiWare: An Automated Android Malware Detection Tool Based on Machine Learning Approach and Official Market Metadata.” Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON).
Android.“Requesting Permissions.” Disponível em: https://developer.android.com/ guide/topics/permissions/requesting.html, Janeiro 2018.
Bilic, Denise Giusto.“Balanço 2017: Análise de Riscos E Ameaças Para Dispositivos Móveis.” Disponível em: https://www.welivesecurity.com/br/2017/12/29/balanco-2017-riscos-e-ameacas-para-dispositivos-moveis/, Abril 2017.
Cong Zheng, Wenjun Hu, Xiao Zhang, Zhi Xu. “Cloak and Dagger Attack with No Permission.” Disponível em: https://unit42.paloaltonetworks.com/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/, Abril 2017. David Blei, 2012. “Probabilistic Topic Models” Communications of the ACM, páginas 77-84.
Feng Dong, Yanhui Guo, Chengze Li, Guoai Xu e Fang We, 2016 “ClassifyDroid: Large scale Android applications classification using semi-supervised Multinomial Naive Bayes” International Conference on Cloud Computing and Intelligence Systems (CCIS).
Haoyu Wang, Jason Hong e Yao Guo. 2015 “Using Text Mining to Infer the Purpose of Permission Use in Mobile Apps” International Joint Conference on Pervasive and Ubiquitous Computing, páginas 1107-118.
Hengshu Zhu, Hui Xiong, Yong Ge e Enhong Chen 2014. “Mobile App Recommendations with Security and Privacy Awareness Categories and Subject Descriptors.” ACM SIGKDD International conference on Knowledge discovery and data mining, páginas 951-960.
Jisha, R C, Ram Krishnan, and Varun Vikraman. 2018. “User Ratings and Permissions.” International Conference on Advances in Computing, Communications and Informatics, páginas 1000–1005.
Koodous. “Koodous.” Disponível em: https://koodous.com/, Janeiro 2019.
Kywe, Su Mon, Yingjiu Li, Kunal Petal, and Michael Grace. 2016. “Attacking Android Smartphone Systems without Permissions.” Annual Conference on Privacy, Security and Trust (PST).
Lashkari, Arash Habibi, Andi Fitriah A Kadir, Laya Taheri, and Ali A Ghorbani. “Toward Developing a Systematic Approach to Generate Benchmark Android Malware Datasets and Classification.”International Carnahan Conference on Security Technology (ICCST), páginas 1–7.
Li Ma, Yuexiang Yang, Xiaolei Wang e Jie He 2016. “Ultra-Lightweight Malware Detection of Android Using 2-Level Machine Learning,” International Conference on Information Science and Control Engineering (ICISCE), páginas 729–733.
Liu Rui, Jiannong Cao, and Kehuan Zhang. “When Privacy Meets Usability : Unobtrusive Privacy Permission Recommendation System for Mobile Apps Based on Crowdsourcing” IEEE Transactions on Services Computing, páginas 864-878.
Mansoor Lqbal. “App Download and Usage Statistics” Disponível em: https://www.businessofapps.com/data/app-statistics/, Abril 2019.
Martín, Ignacio, José Alberto Hernández, Alfonso Muñoz, and Antonio Guzmán. “Android Malware Characterization Using Metadata and Machine Learning Techniques” International Journal of Security and Communication Networks.
Rashidi, Fung and Vu. 2014. “RecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users.”ACM MobiCom Workshop on Security and Privacy in Mobile Environments, páginas 13–17.
Rohit Goyal, Angelo Spognardi, Nicola Dragoni e Marios Argyriou, 2016 “SafeDroid: A distributed malware detection service for android,” International Conference on Service-Oriented Computing and Applications (SOCA), páginas 59–66.
Xin Su, Dafang Zhang, Wenjia Liy e Wenwei Li 2015 “Android App Recommendation Approach Based on Network Traffic Measurement and Analysis.” International Symposium on Computers and Communication (ISCC), páginas 112-118.
Shifu Hou, Aaron Saas, Lifei Chen e Yanfang Ye, 2016 “Deep4MalDroid: A deep learning framework for android malware detection based on Linux kernel system call graphs,” International Conference on Web Intelligence Workshops (WIW), páginas 104–111.
Shukla, Ankur. 2017. “Permission Recommender System for Android” International Conference on Security of Information and Networks, páginas 13–16.
Statista. “Annual Number of Mobile Apps Downloads.” Disponível em: https://www.statista.com/statistics/271644/worldwide-free-and-paid-mobile-app-store-downloads/, Maio 2019.
Statista. “Number of Smartphone Users Worldwide.” Disponível em: https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/, Novembro 2019.
Stephen Feldman, Dillon Stadther e Bing Wa 2015. “Manilyzer: Automated Android malware detection through manifest analysis,” International Conference on Mobile Ad Hoc and Sensor Systems, páginas 767–772.
Xu, Kun, Weidong Zhang, and Zheng Yan. 2018. “A Privacy-Preserving Mobile Application Recommender System Based on Trust Evaluation.” Journal of Computational Science, páginas 87–107.
Zhenlong Yuan, Yongqiang Lu e Yibo Xue 2016. “Droiddetector: android malware characterization and detection using deep learning,” Tsinghua Science and Technology, páginas 114–123.
Android.“Requesting Permissions.” Disponível em: https://developer.android.com/ guide/topics/permissions/requesting.html, Janeiro 2018.
Bilic, Denise Giusto.“Balanço 2017: Análise de Riscos E Ameaças Para Dispositivos Móveis.” Disponível em: https://www.welivesecurity.com/br/2017/12/29/balanco-2017-riscos-e-ameacas-para-dispositivos-moveis/, Abril 2017.
Cong Zheng, Wenjun Hu, Xiao Zhang, Zhi Xu. “Cloak and Dagger Attack with No Permission.” Disponível em: https://unit42.paloaltonetworks.com/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/, Abril 2017. David Blei, 2012. “Probabilistic Topic Models” Communications of the ACM, páginas 77-84.
Feng Dong, Yanhui Guo, Chengze Li, Guoai Xu e Fang We, 2016 “ClassifyDroid: Large scale Android applications classification using semi-supervised Multinomial Naive Bayes” International Conference on Cloud Computing and Intelligence Systems (CCIS).
Haoyu Wang, Jason Hong e Yao Guo. 2015 “Using Text Mining to Infer the Purpose of Permission Use in Mobile Apps” International Joint Conference on Pervasive and Ubiquitous Computing, páginas 1107-118.
Hengshu Zhu, Hui Xiong, Yong Ge e Enhong Chen 2014. “Mobile App Recommendations with Security and Privacy Awareness Categories and Subject Descriptors.” ACM SIGKDD International conference on Knowledge discovery and data mining, páginas 951-960.
Jisha, R C, Ram Krishnan, and Varun Vikraman. 2018. “User Ratings and Permissions.” International Conference on Advances in Computing, Communications and Informatics, páginas 1000–1005.
Koodous. “Koodous.” Disponível em: https://koodous.com/, Janeiro 2019.
Kywe, Su Mon, Yingjiu Li, Kunal Petal, and Michael Grace. 2016. “Attacking Android Smartphone Systems without Permissions.” Annual Conference on Privacy, Security and Trust (PST).
Lashkari, Arash Habibi, Andi Fitriah A Kadir, Laya Taheri, and Ali A Ghorbani. “Toward Developing a Systematic Approach to Generate Benchmark Android Malware Datasets and Classification.”International Carnahan Conference on Security Technology (ICCST), páginas 1–7.
Li Ma, Yuexiang Yang, Xiaolei Wang e Jie He 2016. “Ultra-Lightweight Malware Detection of Android Using 2-Level Machine Learning,” International Conference on Information Science and Control Engineering (ICISCE), páginas 729–733.
Liu Rui, Jiannong Cao, and Kehuan Zhang. “When Privacy Meets Usability : Unobtrusive Privacy Permission Recommendation System for Mobile Apps Based on Crowdsourcing” IEEE Transactions on Services Computing, páginas 864-878.
Mansoor Lqbal. “App Download and Usage Statistics” Disponível em: https://www.businessofapps.com/data/app-statistics/, Abril 2019.
Martín, Ignacio, José Alberto Hernández, Alfonso Muñoz, and Antonio Guzmán. “Android Malware Characterization Using Metadata and Machine Learning Techniques” International Journal of Security and Communication Networks.
Rashidi, Fung and Vu. 2014. “RecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users.”ACM MobiCom Workshop on Security and Privacy in Mobile Environments, páginas 13–17.
Rohit Goyal, Angelo Spognardi, Nicola Dragoni e Marios Argyriou, 2016 “SafeDroid: A distributed malware detection service for android,” International Conference on Service-Oriented Computing and Applications (SOCA), páginas 59–66.
Xin Su, Dafang Zhang, Wenjia Liy e Wenwei Li 2015 “Android App Recommendation Approach Based on Network Traffic Measurement and Analysis.” International Symposium on Computers and Communication (ISCC), páginas 112-118.
Shifu Hou, Aaron Saas, Lifei Chen e Yanfang Ye, 2016 “Deep4MalDroid: A deep learning framework for android malware detection based on Linux kernel system call graphs,” International Conference on Web Intelligence Workshops (WIW), páginas 104–111.
Shukla, Ankur. 2017. “Permission Recommender System for Android” International Conference on Security of Information and Networks, páginas 13–16.
Statista. “Annual Number of Mobile Apps Downloads.” Disponível em: https://www.statista.com/statistics/271644/worldwide-free-and-paid-mobile-app-store-downloads/, Maio 2019.
Statista. “Number of Smartphone Users Worldwide.” Disponível em: https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/, Novembro 2019.
Stephen Feldman, Dillon Stadther e Bing Wa 2015. “Manilyzer: Automated Android malware detection through manifest analysis,” International Conference on Mobile Ad Hoc and Sensor Systems, páginas 767–772.
Xu, Kun, Weidong Zhang, and Zheng Yan. 2018. “A Privacy-Preserving Mobile Application Recommender System Based on Trust Evaluation.” Journal of Computational Science, páginas 87–107.
Zhenlong Yuan, Yongqiang Lu e Yibo Xue 2016. “Droiddetector: android malware characterization and detection using deep learning,” Tsinghua Science and Technology, páginas 114–123.
Publicado
02/09/2019
Como Citar
ROCHA, Thiago; SOUTO, Eduardo.
Avaliação e Recomendação de Aplicativos para Dispositivos Móveis com Foco em Segurança e Privacidade. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 19. , 2019, São Paulo.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 155-168.
DOI: https://doi.org/10.5753/sbseg.2019.13969.
