APP Vetting Based on the Consistency of Description and APK

  • Conference paper
Trusted Systems (INTRUST 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9473)

Abstract

Android has witnessed substantial growth over the years, in market share as well as in the amount of malware. In this paper, we propose a novel approach to detect potentially malicious applications, based on the semantic relatedness between the applications' descriptions and the apk files. We gathered an application database of 7,570 valid applications for training and testing, finding that about 16.6 % of the tested applications exhibit a lack of relatedness between the apk files and descriptions, due to either inadequate embedded text in the apk file, too short a description, an unsuited description, or being a malicious application. In addition, 4 % of applications are unjustly deemed unrelated. Our study shows that the semantic-based approach is applicable both to malware detection and to judging the soundness of descriptions.

Acknowledgement

This paper is supported by the 12th Five-Year National Development Foundation for Cryptography (MMJJ201301008), the Key Lab of Information Network Security, Ministry of Public Security (C13612), and the Natural Science Foundation of Shanghai (12ZR1402600). We thank the anonymous reviewers for their comments.

Author information

Corresponding author

Correspondence to Weili Han.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Han, W., Wang, W., Zhang, X., Peng, W., Fang, Z. (2015). APP Vetting Based on the Consistency of Description and APK. In: Yung, M., Zhu, L., Yang, Y. (eds) Trusted Systems. INTRUST 2014. Lecture Notes in Computer Science, vol 9473. Springer, Cham. https://doi.org/10.1007/978-3-319-27998-5_17

  • DOI: https://doi.org/10.1007/978-3-319-27998-5_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27997-8

  • Online ISBN: 978-3-319-27998-5

  • eBook Packages: Computer Science (R0)
