A novel hybrid method to analyze security vulnerabilities in Android applications

Tang, Junwei; Li, Ruixuan; Wang, Kaipeng; Gu, Xiwu; Xu, Zhiyong

doi:10.26599/tst.2019.9010067

Cited by 33 publications

(21 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this step, we use Ex (A, pi, feeA,i) to represent the expense of club CA incurred by the transfer fee feeA,i of player pi (i = 1, 2, …, n). Thus, for club CA, all its transfer fee expense forms a transfer expense vector (denoted by TEVA) shown in (7). Similar to TIVA in (1), TEVA is also an n-dimensional vector.…”

Section: Solution: Tptelsh+bmentioning

confidence: 99%

“…Generally, legal player transfer events are helpful and beneficial for the whole sport industry including football field. However, in certain situations, the multiple clubs involved in a player transfer event are apt to hide their inner transfer transaction details, as to gain more social or economic profits [6][7][8][9]. For example, some football clubs have taken part in the illegal laundering money crime activities through modifying the transfer fees of a player in player transfer events.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Trusted Player Transfer Evaluation for Sport Markets Based on Blockchain and Locality-Sensitive Hashing

Liu

et al. 2021

IEEE Access

View full text Add to dashboard Cite

With the wide popularity of various sport items and the continuous prosperity of sport business, player transfer events are becoming more and more frequent, which gives birth to a big player transfer market with attractive attentions of spectators. However, for the purposes of business competition or concerns of privacy disclosure, the multiple parties involved in an identical player transfer event are often reluctant to release the concrete transfer fees of a player as the transfer fee is always sensitive enough for the player himself or herself as well as the involved multiple sport clubs. The hidden player transfer fees block the fair and transparent sport business trades and cheat prospective spectators to some extent, which decreases the spectator trust towards player market value and finally, lowers the spectators' satisfaction towards sport business. In this situation, it is becoming a necessity to develop a trusted player transfer evaluation method supported by all the parties involved in player transfer events. Inspired by this challenging task, a trusted player transfer evaluation method with privacy protection is put forward in this paper, which is mainly based on Locality-Sensitive Hashing (LSH) and Blockchain technologies and named TPTELSH+B. At last, a series of simulated experiments are deployed to validate the feasibility of our proposed TPTELSH+B algorithm. Experimental results report that TPTELSH+B has a good evaluation performance with competitive approaches.

show abstract

Section: Solution: Tptelsh+bmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Trusted Player Transfer Evaluation for Sport Markets Based on Blockchain and Locality-Sensitive Hashing

Liu

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Recently, the fairness of delegating computation is one of the hot topics in current research, and the existing researches utilize a trusted third-party (e.g., bank [11], semi-trusted third-party [12,13], trusted third-party [14,15]) to overcome these issues. However, in the protocol process, with a third-party, the potential security problems will inevitably occur [16,17], e.g., unreasonable Nash equilibrium, privacy leakage, and low efficiency. To eliminate the drawbacks, many researchers adopt smart contracts to realize the Peer-to-Peer (P2P) transaction between the clients and the computing parties [18].…”

Section: Introductionmentioning

confidence: 99%

A rational delegating computation protocol based on reputation and smart contract

Chen

Wang

et al. 2021

J Cloud Comp

View full text Add to dashboard Cite

The delegating computation has become an irreversible trend, together comes the pressing need for fairness and efficiency issues. To solve this problem, we leverage game theory to propose a smart contract-based solution. First, according to the behavioral preferences of the participants, we design an incentive contract to describe the motivation of the participants. Next, to satisfy the fairness of the rational delegating computation, we propose a rational delegating computation protocol based on reputation and smart contract. More specifically, rational participants are to gain the maximum utility and reach the Nash equilibrium in the protocol. Besides, we design a reputation mechanism with a reputation certificate, which measures the reputation from multiple dimensions. The reputation is used to assure the client’s trust in the computing party to improve the efficiency of the protocol. Then, we conduct a comprehensive experiment to evaluate the proposed protocol. The simulation and analysis results show that the proposed protocol solves the complex traditional verification problem. We also conduct a feasibility study that involves implementing the contracts in Solidity and running them on the official Ethereum network. Meanwhile, we prove the fairness and correctness of the protocol.

show abstract

“…The last aspect is a major challenge since it preserves confidentiality, integrity and availability of user data. On Android, most of the approaches use static analysis relying on static features related to applications [7][8][9][10][11], dynamic analysis relying on features observed during their execution [12][13][14] and hybrid analysis combining the both [15][16][17]. Despite Google Play Protect provided by Google, to filter threats, there are still malicious applications carefully designed by bad people to have an impact on the security and privacy of users [8,18].…”

Section: Introductionmentioning

confidence: 99%

CIAA-RepDroid: A Fine-Grained and Probabilistic Reputation Scheme for Android Apps Based on Sentiment Analysis of Reviews

et al. 2020

View full text Add to dashboard Cite

To keep its business reliable, Google is concerned to ensure the quality of apps on the store. One crucial aspect concerning quality is security. Security is achieved through Google Play protect and anti-malware solutions. However, they are not totally efficient since they rely on application features and application execution threads. Google provides additional elements to enable consumers to collectively evaluate applications providing their experiences via reviews or showing their satisfaction through rating. The latter is more informal and hides details of rating whereas the former is textually expressive but requires further processing to understand opinions behind it. Literature lacks approaches which mine reviews through sentiment analysis to extract useful information to improve the security aspects of provided applications. This work goes in this direction and in a fine-grained way, investigates in terms of confidentiality, integrity, availability, and authentication (CIAA). While assuming that reviews are reliable and not fake, the proposed approach determines review polarities based on CIAA-related keywords. We rely on the popular classifier Naive Bayes to classify reviews into positive, negative, and neutral sentiment. We then provide an aggregation model to fusion different polarities to obtain application global and CIAA reputations. Quantitative experiments have been conducted on 13 applications including e-banking, live messaging and anti-malware apps with a total of 1050 security-related reviews and 7,835,322 functionality-related reviews. Results show that 23% of applications (03 apps) have a reputation greater than 0.5 with an accent on integrity, authentication, and availability, while the remaining 77% has a polarity under 0.5. Developers should make a lot of effort in security while developing codes and that more efforts should be made to improve confidentiality reputation. Results also show that applications with good functionality-related reputation generally offer a bad security-related reputation. This situation means that even if the number of security reviews is low, it does not mean that the security aspect is not a consumer preoccupation. Unlike, developers put much more time to test whether applications work without errors even if they include possible security vulnerabilities. A quantitative comparison against well-known rating systems reveals the effectiveness and robustness of CIAA-RepDroid to repute apps in terms of security. CIAA-RepDroid can be associated with existing rating solutions to recommend developers exact CIAA aspects to improve within source codes.

show abstract

A novel hybrid method to analyze security vulnerabilities in Android applications

Cited by 33 publications

References 14 publications

Trusted Player Transfer Evaluation for Sport Markets Based on Blockchain and Locality-Sensitive Hashing

Trusted Player Transfer Evaluation for Sport Markets Based on Blockchain and Locality-Sensitive Hashing

A rational delegating computation protocol based on reputation and smart contract

CIAA-RepDroid: A Fine-Grained and Probabilistic Reputation Scheme for Android Apps Based on Sentiment Analysis of Reviews

Contact Info

Product

Resources

About