Towards using unstructured user input request for malware detection

Olukoya, O., Mackenzie, L. and Omoronyia, I. (2020) Towards using unstructured user input request for malware detection. Computers and Security, 93, 101783. (doi: 10.1016/j.cose.2020.101783)

211314.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.



Privacy analysis techniques for mobile apps are mostly based on system-centric data originating from well-defined system API calls. But these apps may also collect sensitive information via their unstructured input sources that elude privacy analysis. The consequence is that users are unable to determine the extent to which apps may impact their privacy when downloaded and installed on mobile devices. To this end, we present a privacy analysis framework for unstructured input. Our approach leverages app meta-data descriptions and a taxonomy of sensitive information to identify sensitive unstructured user input. The outcome is an understanding of the level of user privacy risk posed by an app based on its unstructured user input request. Subsequently, we evaluate the usefulness of the unstructured sensitive user input for malware detection. We evaluate our methods using 175K benign apps and 175K malware APKs. The outcome highlights that a malicious app detector built on unstructured sensitive user input achieves an average balanced accuracy of 0.996, demonstrated with Trojan-Banker and Trojan-SMS, when the malware family and target applications are known, and a balanced accuracy of 0.70 with generic malware.

Item Type: Articles
Glasgow Author(s) Enlighten ID: Omoronyia, Dr Inah and Mackenzie, Dr Lewis and Olukoya, Mr Oluwafemi
Authors: Olukoya, O., Mackenzie, L., and Omoronyia, I.
College/School: College of Science and Engineering > School of Computing Science
Journal Name: Computers and Security
ISSN (Online): 1872-6208
Published Online: 29 February 2020
Copyright Holders: Copyright © 2020 Elsevier
First Published: First published in Computers and Security 93:101783
Publisher Policy: Reproduced in accordance with the copyright policy of the publisher
