Security-oriented view of app behaviour using textual descriptions and user-granted permission requests

Olukoya, O., Mackenzie, L. and Omoronyia, I. (2020) Security-oriented view of app behaviour using textual descriptions and user-granted permission requests. Computers and Security, 89, 101685. (doi: 10.1016/j.cose.2019.101685)

205065.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Abstract

One of the major Android security mechanisms for enforcing restrictions on the core facilities of a device that an app can access is permission control. However, there is an enormous amount of risk with regard to granting permissions since 97% of malicious mobile malware targets Android. As malware is becoming more complicated, recent research proposed a promising approach that checks implemented app behaviour against advertised app behaviour for inconsistencies. In this paper, we investigate such inconsistencies by matching the permissions an app requests with the natural language descriptions of the app, which give an intuitive idea of the user-expected behaviour of the app. Then, we propose exploiting an enhanced app description to improve malware detection based on app descriptions and permissions. To evaluate the performance, we carried out various experiments with 56K apks. Our proposed enhancement reduces the false positives of the state-of-the-art approaches Whyper, AutoCog and CHABADA by at least 87%, and TAPVerifier by at least 57%. We proposed a novel approach for evaluating the robustness of textual descriptions for permission-based malware detection. Our experimental results demonstrate a high detection recall rate of 98.72% on 71 up-to-date malware families and a precision of 90% on obfuscated samples of benign and malware apks. Our results also show that analysing sensitive permissions requested and UI textual descriptions provides a promising avenue for sustainable Android malware detection.

Item Type: Articles
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Omoronyia, Dr Inah and Mackenzie, Dr Lewis and Olukoya, Mr Oluwafemi
Authors: Olukoya, O., Mackenzie, L., and Omoronyia, I.
College/School: College of Science and Engineering > School of Computing Science
Journal Name: Computers and Security
Publisher: Elsevier
ISSN: 0167-4048
ISSN (Online): 1872-6208
Published Online: 06 December 2019
Copyright Holders: Copyright © 2019 Elsevier Ltd.
First Published: First published in Computers and Security 89:101685
Publisher Policy: Reproduced in accordance with the copyright policy of the publisher