Android设备中基于流量特征的隐私泄露评估方案

doi:10.11959/j.issn.1000-436x.2020020

Abstract

Abstract:

Aiming at the privacy leakage,which was caused by collecting user information by third-party host in Android operating system App,a privacy leakage evaluation scheme HostRisk was proposed.HostRisk was based on TF-IDF model and hierarchical clustering method,which was applied in mobile device.The TF-IDF model calculated the business relevance between Apps and hosts via the behavior characteristics of the hosts in these Apps.For the business related hosts that fail to express the business relevance characteristics,those hosts were adjusted and optimized via the average connected hierarchical agglomerative clustering method.Finally,the harmful degree of privacy leakage was evaluated based on the ranking of all hosts in the App.The experimental results verify the effectiveness and efficiency of the scheme.

Key words: Android, privacy leakage, privacy assessment, privacy preservation

CLC Number:

TN929

Zhu WANG,Kun HE,Xinyu WANG,Ben NIU,Fenghua LI. Traffic characteristic based privacy leakage assessment scheme for Android device[J]. Journal on Communications, 2020, 41(2): 155-164.

Figures/Tables 9

References 33

[1]	LI F H , LI H , NIU B ,et al. Privacy computing:concept,computing framework,and future development trends[J]. Elsevier Engineering, 2019,5(6): 1179-1192.
[2]	REN J , RAO A , LINDORFER M ,et al. Recon:revealing and controlling PII leaks in mobile network traffic[C]// The 14th Annual International Conference on Mobile Systems,Applications,and Services. ACM, 2016: 361-374.
[3]	WANG H , GUO Y . Understanding third-party libraries in mobile App analysis[C]// 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C). IEEE, 2017: 515-516.
[4]	BOOK T , WALLACH D S . A case of collusion:a study of the interface between ad libraries and their Apps[C]// The Third ACM Workshop on Security and Privacy in Smartphones ＆ Mobile Devices. ACM, 2013: 79-86.
[5]	STEVENS R , GIBLER C , CRUSSELL J ,et al. Investigating user privacy in android ad libraries[C]// Workshop on Mobile Security Technologies (MoST). Citeseer, 2012:10.
[6]	GRACE M C , ZHOU W , JIANG X ,et al. Unsafe exposure analysis of mobile in-App advertisements[C]// The Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 2012: 101-112.
[7]	LIN J , AMINI S , HONG J I ,et al. Expectation and purpose:understanding users’ mental models of mobile App privacy through crowdsourcing[C]// The 2012 ACM Conference on Ubiquitous Computing. ACM, 2012: 501-510.
[8]	LI M , WANG W , WANG P ,et al. LibD:scalable and precise third-party library detection in android markets[C]// 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE). ACM, 2017: 335-346.
[9]	MA Z , WANG H , GUO Y ,et al. LibRadar:fast and accurate detection of third-party libraries in Android Apps[C]// The 38th International Conference on Software Engineering Companion. 2016: 653-656.
[10]	KUZUNO H , TONAMI S . Signature generation for sensitive information leakage in android applications[C]// 2013 IEEE 29th International Conference on Data Engineering Workshops (ICDEW). IEEE, 2013: 112-119.
[11]	LI J , ZHAI L , ZHANG X ,et al. Research of android malware detection based on network traffic monitoring[C]// 2014 9th IEEE Conference on Industrial Electronics and Applications. IEEE, 2014: 1739-1744.
[12]	HE Y , YANG X , HU B ,et al. Dynamic privacy leakage analysis of android third-party libraries[J]. Journal of Information Security and Applications, 2019,46: 259-270.
[13]	FANG Z , HAN W , LI Y . Permission based Android security:issues and countermeasures[J]. Computers ＆ Security, 2014,43: 205-218.
[14]	ENCH W , OCTEAU D , MCDANIEL P D ,et al. A study of Android application security[C]// USENIX Security Symposium. 2011:2.
[15]	BOOK T , PRIDGEN A , WALLACH D S . Longitudinal analysis of android ad library permissions[J]. arXiv Preprint,arXiv:1303.0857, 2013.
[16]	NARAYNAN A , CHEN L , CHAN C K . Addetect:automated detection of Android ad libraries using semantic analysis[C]// 2014 IEEE Ninth International Conference on Intelligent Sensors,Sensor Networks and Information Processing (ISSNIP). IEEE, 2014: 1-6.
[17]	SUN M , TAN G . Nativeguard:protecting android applications from third-party native libraries[C]// The 2014 ACM Conference on Security and Privacy in Wireless ＆ Mobile Networks. ACM, 2014: 165-176.
[18]	BACKES M , BUGIEL S , DERR E . Reliable third-party library detection in android and its security applications[C]// The 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016: 356-367.
[19]	CRUSSEL J , GIBLER C , CHEN H . Andarwin:scalable detection of semantically similar android applications[C]// European Symposium on Research in Computer Security. 2013: 182-199.
[20]	WANG H , GUO Y , MA Z ,et al. Wukong:a scalable and accurate two-phase approach to android app clone detection[C]// The 2015 International Symposium on Software Testing and Analysis. 2015: 71-82.
[21]	王浩宇, 郭耀, 马子昂 ,等. 大规模移动应用第三方库自动检测和分类方法[J]. 软件学报, 2017,6: 1373-1388.
	WANG H Y , GUO Y , MA Z A ,et al. Automated detection and classi-fication of third-party libraries in large scale Android Apps[J]. Journal of Software, 2017,6: 1373-1388.
[22]	LIU B , LIU B , JIN H ,et al. Efficient privilege de-escalation for adlibraries in mobile Apps[C]// The 13th Annual International Conference on Mobile Systems,Applications,and Services. 2015: 89-103.
[23]	TANG Z , XUE M , MENG G ,et al. Securing Android applications via edge assistant third-party library detection[J]. Computers ＆ Security, 2019,80: 257-272.
[24]	ENCK W , ONGTANG M , MCDANIEL P . On lightweight mobile phone application certification[C]// The 16th ACM conference on Computer and Communications Security. ACM, 2009: 235-245.
[25]	SEO S H , GUPTA A , SALLAM A M ,et al. Detecting mobile malware threats to homeland security through static analysis[J]. Journal of Network and Computer Applications, 2014,38: 43-53.
[26]	TENENBOIM-CHEKINA L , BARAD O , SHABTAI A ,et al. Detecting application update attack on mobile devices through network features[C]// 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). IEEE, 2013: 91-92.
[27]	ZHOU Y , WANG Z , ZHOU W ,et al. Hey,you,get off of my market:detecting malicious apps in official and alternative android markets[C]// 19th Annual Network ＆ Distributed System Security Symposium. 2012: 50-52.
[28]	李梦玉, 马严, 黄小红 ,等. 基于URL的恶意访问检测方法[J]. 通信学报, 2018,39(Z1): 92-98.
	LI M Y , MA Y , HUANG X H ,et al. Malicious access detection method based on URL[J]. Journal on Communications, 2018,39(Z1): 92-98.
[29]	李佳, 云晓春, 李书豪 ,等. 基于混合结构深度神经网络的 HTTP恶意流量检测方法[J]. 通信学报, 2019,40(1): 28-37.
	LI J , YUN X C , LI S H ,et al. HTTP malicious traffic detection method based on hybrid structure deep neural network[J]. Journal on Commu-nications, 2019,40(1): 28-37.
[30]	GRACE M , ZHOU Y , ZHANG Q ,et al. Riskranker:scalable and accurate zero-day Android malware detection[C]// The 10th International Conference on Mobile Systems,Applications,and Services. 2012: 281-294.
[31]	KUMAR R , ZHANG X , WANG W ,et al. A multimodal malware detection technique for Android IoT devices using various features[J]. IEEE Access, 2019,7: 64411-64430.
[32]	ALSWAINA F , ELLEITHY K . Android malware permission-based multi-class classification using extremely randomized trees[J]. IEEE Access, 2018,6: 76217-76227.
[33]	LEVANDOWSKY M , WINTER D . Distance between sets[J]. Nature, 1971,234(5323):34.

Metrics

Recommended 0

No Suggested Reading articles found!

代表工作	检测方法	特征	检测类别	粒度	覆盖率	准确率
Grace等^[6]	特征统计	行为	广告库	App	低	低
Ma等^[9]	聚类	分组依赖关系	第三方库	开发分组	低	中
Seo等^[25]	特征统计	关键字	恶意App	开发分组	低	低
Teneboim-Chekina等^[26]	聚类	流量特征	恶意App	数据分组	中	高
李梦玉等^[28]	神经网络	URL日志	恶意App	数据分组	中	高

权重	取值
w₁	0.6
w₂	0.2
w₃	0.2

域名地址	IP地址	通信协议				通信量					平均数据分组大小/B
		HTTP数据分组		HTTPS数据分组		上传量		下载量		上传下载比
		个数	占比	个数	占比	总量/B	占比	总量/B	占比	上传下载比
xdrig.com	52.80.186.222	0	0	1	5.76×10^-6	32	5.73×10^-8	0	0	32	32
amap.com	106.11.186.5	18	1.7×10^-4	12	6.91×10^-5	13 320	2.46×10^-5	14 219	0.002 7	0.94	917.97
google-analytics.com	203.208.40.39	0	0	105	6.05×10^-4	88 434	1.64×10^-4	5 747	0.001 1	15.38	896.96
doubleclick.net	203.208.41.77	0	0	17	9.8×10^-5	6 735	1.25×10^-5	1 251	2.4×10^-4	5.38	469.76
wrating.com	106.11.12.3	0	0	11	6.34×10^-5	9 803	1.81×10^-5	674	1.29×10^-4	14.54	952.45
综合	—	70 182	—	173 475	—	540 411 034	—	5 219 493	—	—	2 239.33

域名地址	注册机构名称	分值
pstatp.com	App所属公司	1.0
ixigua.com	App所属公司	2.0
snssdk.com	App所属公司	5.0
byteimg.com	App所属公司	4.0
bytecdn.cn	App所属公司	12.0
#	#	#
wrating.com	第三方数据科技公司	48.92
doubleclick.net	第三方数据科技公司	50.0
google-analytics.com	第三方数据科技公司	56.23
amap.com	第三方数据科技公司	58.0
xdrig.com	第三方数据科技公司	69.5

阈值	1万/s	10万/s	50万/s	100万/s
0.10	0.005	0.648	7.940	63.268
0.25	0.004	0.645	10.048	80.436
0.50	0.005	0.664	10.806	87.788
0.75	0.004	0.756	11.727	90.650
1.00	0.004	0.672	11.052	89.660

Traffic characteristic based privacy leakage assessment scheme for Android device

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 33

Related Articles 15

Metrics

Recommended 0

[1]	Jiale ZHANG, Chengcheng ZHU, Xiaobing SUN, Bing CHEN. Membership inference attack and defense method in federated learning based on GAN [J]. Journal on Communications, 2023, 44(5): 193-205.
[2]	Changgen PENG, Ting GAO, Huilan LIU, Hongfa DING. PCA-based membership inference attack for machine learning models [J]. Journal on Communications, 2022, 43(1): 149-160.
[3]	Yubo SONG, Qi CHEN, Rui SONG, Aiqun HU. Android application privacy protection mechanism based on virtual machine bytecode injection [J]. Journal on Communications, 2021, 42(6): 171-181.
[4]	Jiawei QIN, Hua ZHANG, Hanbing YAN, Nengqiang HE, Tengfei TU. Research on context-aware Android application vulnerability detection [J]. Journal on Communications, 2021, 42(11): 13-27.
[5]	Chen FANG, Yuanbo GUO, Yifeng WANG, Yongjin HU, Jiali MA, Han ZHANG, Yangyang HU. Edge computing privacy protection method based on blockchain and federated learning [J]. Journal on Communications, 2021, 42(11): 28-40.
[6]	Xinyu WANG,Ben NIU,Fenghua LI,Kun HE. Risk assessing and privacy-preserving scheme for privacy leakage in APP [J]. Journal on Communications, 2019, 40(5): 13-23.
[7]	Weihao LI,Jin CAO,Hui LI. Privacy self-correlation privacy-preserving scheme in LBS [J]. Journal on Communications, 2019, 40(5): 57-66.
[8]	Yuanzhi YAO,Feng WANG,Wenbo YAN,Nenghai YU. Image privacy preservation scheme based on QR code and reversible visible watermarking [J]. Journal on Communications, 2019, 40(11): 65-75.
[9]	Yatao YANG,Xinguang HAN,Jierun HUANG,Yang ZHAO. Bidirectional authentication key agreement protocol supporting identity’s privacy preservation based on RLWE [J]. Journal on Communications, 2019, 40(11): 180-186.
[10]	Hongyu YANG,Zaiming WANG. Android collusion attack detection model [J]. Journal on Communications, 2018, 39(6): 27-36.
[11]	Xiaoying ZHANG,Hui PENG,Hong CHEN. State-of-the-art survey of privacy-preserving data aggregation in wireless sensor networks [J]. Journal on Communications, 2018, 39(10): 130-142.
[12]	Bo CHEN,Yong-tao PAN,Tie-ming CHEN. Android malware detection method based on SimHash [J]. Journal on Communications, 2017, 38(Z2): 30-36.
[13]	Yan LIU,Yong-ping ZHANG,Cheng ZHU,Jun GAO,Qi-ming LIU. Intelligent forecasting and monitoring of air index based on big data and internet of things [J]. Journal on Communications, 2017, 38(Z2): 129-138.
[14]	Chang-li ZHOU,Hui TIAN,Chun-guang MA,Song-tao YANG. Research on LBS privacy preservation based on pseudorandom permutation in road network [J]. Journal on Communications, 2017, 38(6): 19-29.
[15]	Song-jie WEI,Gao-xiang WU,Na LUO,Zhao-wei SHI,Zi-yang ZHOU. DroidBet:event-driven automatic detection of network behaviors for Android applications [J]. Journal on Communications, 2017, 38(5): 84-95.