Abstract
With the mobile Internet rapidly developing and the number of mobile applications increasing sharply, the security of the mobile apps has been paid more and more attention in recent years. Many analysis methods for single app have been used in detecting the vulnerability and malicious code. Since mobile apps always related to each other by invoking components, some researchers began to focus on the analysis for multi-applications. But facing with millions of mobile applications, with limited resources, how to improve the ability of security analysis and protection is a difficult problem. For this purpose, we introduce a novel method to mine the correlation among a large number of applications, and finding the nodes that are in the critical position in the process of invoking components. In the proposed method, we first extract the important information from apps and build a database of components. Then, we try to analysis the potential relationship of apps based on the process of invoking components. Moreover, we proposed a novel metric of importance, which can help to find the apps which play important roles in the app-network. We did some experiments to evaluate the proposed method, the experiments show that, we can assess the influence of apps, and figure out the priority of targets during massive application analysis, whether for purpose of detection or protection.
Similar content being viewed by others
References
AppBrain: Android statistics: number of android applications (2016)
Baidu: Bdsuite android market. https://www.baidu.com/ (2017)
Tencent: Myapp market. https://android.myapp.com/ (2017)
Malhotra, R.: an empirical framework for defect prediction using machine learning techniques with Android software. Appl. Soft Comput. 40(10), 993–1006 (2016)
Li, L., Bartel, A., Bissyand’e, T. F., Klein, J., Le Traon, Y.: ApkCombiner: combining multiple android apps to support inter-app analysis. In: Proceedings of the 30th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC 2015) (2015)
Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: Chex: statically vetting android apps for component hijacking vulnerabilities. In: Proceedings of the 2012 ACM conference on Computer and communications security. ACM, pp. 229–240 (2012)
Hoog, A.: The incident response playbook for android and ios. In: RSA Conference 2016 (2016)
Wooyun.: Wormhole analysis report. Technical Report (2015)
Sbirlea, D., Burke, M.G., Guarnieri, S., Pistoia, M., Sarkar, V.: Automatic detection of inter-application permission leaks in android applications. IBM J. Res. Dev. 57(6), 10-1 (2013)
Du, Y., Wang, X., Wang, J.: A static android malicious code detection method based on multi-source fusion. Secur. Commun. Netw. 8(17), 3238–3246 (2015)
Zhao, Z., Wang, J., Wang, C.: An unknown malware detection scheme based on the features of graph. Secur. Commun. Netw. 6(2), 239–246 (2013)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R., Shastry, B.: Towards taming privilege-escalation attacks on android. In: NDSS, vol. 17, p. 19 (2012)
Li, L.: Boosting static security analysis of android apps through code instrumentation. Ph.D. dissertation, University of Luxembourg, Luxembourg (2016)
Jacomy, M., Venturini, T., Heymann, S., Bastian, M.: Forceatlas2, a continuous graph layout algorithm for handy network visualization designed for the gephi software. PloS ONE 9(6), e98679 (2014)
Marforio, C., Francillon, A., Capkun, S., Capkun, S., Capkun, S.: Application collusion attack on the permission-based security model and its implications for modern smartphone systems. Department of Computer Science, ETH Zurich, Zurich (2011)
Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Yves, L.: Effective inter-component communication mapping in android with EPICC: an essential step towards holistic security analysis. In: USENIX Security 2013 (2013)
Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Yves, L., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. vol. 49, no. 6, pp. 259–269 (2014)
Klieber, W., Flynn, L., Bhosale, A., Jia, L., Bauer, L.: Android taint flow analysis for app sets, pp. 1–6 (2014)
Octeau, D., Luchaup, D., Dering, M., Jha, S., McDaniel, P.: “Composite constant propagation: application to android inter-component communication analysis. In: Proceedings of the 37th International Conference on Software Engineering, IEEE Press, vol. 1, pp. 77–88 (2015)
Octeau, D., Jha, S., Dering, M., McDaniel, P., Bartel, A., Li, L., Klein, J., Yves, L.: Combining static analysis with probabilistic models to enable market-scale android inter-component analysis. In: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, pp. 469–484 (2016)
Zhao, Y., Song, W.: Survey on social-aware data dissemination over mobile wireless networks. IEEE Access 5, 6049–6059 (2017)
Zhou, J., Wang, Q., Tsai, S., Xue, Y., Dong, W.: How to evaluate the job satisfaction of development personnel. IEEE Trans. Syst. Man Cybern. 47(11), 2809–2816 (2017)
Baldinelli, G., Bonafoni, S., Rotili, A.: Albedo retrieval from multispectral Landsat 8 observation in Urban environment: algorithm validation by in situ measurements. IEEE J. Sel. Topics Appl. Earth Obs. Remote Sens. 10(10), 4504–4511 (2017)
Bai, X., Lee, I., Ning, Z., Tolba, A., Xia, F.: The role of positive and negative citations in scientific evaluation. IEEE Access 5, 17607–17617 (2017)
Guo, J., Guo, H.L., Wang, Z.Y.: An activation force based affinity measure for analyzing complex networks. Sci. Rep. 1, 113 (2011)
Page, L., Brin, S., Motwani, R., Winograd, T.: The pagerank citation ranking: bringing order to the web. Tech. Rep. (1999)
Acknowledgements
This work is supported by National Natural Science Foundation of China (CN) Project (U153610079, 61401038).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Li, Q., Li, C., Gao, G. et al. A novel method to find important apps base on the analysis of components relationship. Cluster Comput 22 (Suppl 3), 5479–5489 (2019). https://doi.org/10.1007/s10586-017-1308-3
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10586-017-1308-3