Reputation Based Security Model for Android Applications

Tesfay, Welderufael B.; Booth, Todd; Andersson, Karl

doi:10.1109/trustcom.2012.236

Cited by 16 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on comment analysis, this work derives probabilistic model to assess reputation of any application and therefore estimates whether it is honest or dishonest seen as malicious or benign in terms of security aspects. Tesfay et al [8] put in place a private cloud to control user installations of Android applications and to keep track of feedbacks from users. They evaluate reputation of applications based on feedbacks, vendor's reputation and number of users who run the same application.…”

Section: Related Workmentioning

confidence: 99%

“…As for any social ecosystem, an application (seen as an agent) should be associated with a reputation score to predict bad behaviors [7]. Tesfay et al [8] evaluate security-related reputation based on user feedbacks, number of users who installed the studied application and the reputation of vendors. This proposal is subjective, does not exploit sentiment analysis on feedbacks and is subject to false reputation in case there are few feedbacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Security-Related Reputation Scheme of Android Apps Based on NLP Analysis of Comments

Tchakounté¹,

Pagore²,

Atemkeng³

et al. 2020

Preprint

View full text Add to dashboard Cite

Comments are exploited by product vendors to measure satisfaction of consumers. With the advent of Natural Language Processing (NLP), comments on Google Play can be processed to extract knowledge on applications such as their reputation. Proposals in that direction are either informal or interested merely on functionality. Unlike, this work aims to determine reputation of Android applications in terms of confidentiality, integrity, availability and authentication (CIAA). This work proposes a model of assessing app reputation relying on sentiment analysis and text analysis of comments. While assuming that comments are reliable, we collect Google Play applications subject to comments which include security keywords. An in-depth analysis of keywords based on Naive Bayes classification is made to provide polarity of any comment. Based on comment polarity, reputation is evaluated for the whole application. Experiments made on real applications including dozens to billions of comments, reveal that developers lack to make efforts to guarantee CIAA services. A fine-grained analysis shows that not security reputed applications can be reputed in specific CIAA services. Results also show that applications with negative security polarities display in general positive functional polarities. This result suggests that security checking should include careful comment analysis to improve security of applications.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Security-Related Reputation Scheme of Android Apps Based on NLP Analysis of Comments

Tchakounté¹,

Pagore²,

Atemkeng³

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Within data, there are around 45K different developer names and 40K certificate issuer names. Following [28], we have created two new features called developerRep and issuerRep which account for the percentage of applications that each developer and certificate issuer have tagged as malware. The reader must note that Google Play allows self-signed applications, i.e.…”

Section: Entity-related Features: Developers and Certificate Issuersmentioning

confidence: 99%

Android Malware Characterization Using Metadata and Machine Learning Techniques

Martín

Hernández

Muñoz

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Android malware has emerged as a consequence of the increasing popularity of smartphones and tablets. While most previous work focuses on inherent characteristics of Android apps to detect malware, this study analyses indirect features and metadata to identify patterns in malware applications. Our experiments show the following: (1) the permissions used by an application offer only moderate performance results; (2) other features publicly available at Android markets are more relevant in detecting malware, such as the application developer and certificate issuer; and (3) compact and efficient classifiers can be constructed for the early detection of malware applications prior to code inspection or sandboxing.

show abstract

“…In [13], we (Tesfay, Andersson and Booth) described a cloud and reputation based security model for Android phones. Comment: Our new solution can implement that cloud and reputation based security model, in our proposed Password Management Service.…”

Section: Related Workmentioning

confidence: 99%

Stronger authentication for password credential Internet Services

Booth

Andersson

2017

2017 Third International Conference on Mobile and Secure Services (MobiSecServ)

Self Cite

View full text Add to dashboard Cite

Abstract-Most Web and other on-line service providers ("Internet Services") only support legacy ID (or email) and password (ID/PW) credential authentication. However, there are numerous vulnerabilities concerning ID/PW credentials. Scholars and the industry have proposed several improved security solutions, such as MFA, however most of the Internet Services have refused to adopt these solutions. Mobile phones are much more sensitive to these vulnerabilities (so this paper focuses on mobile phones). Many users take advantage of password managers, to keep track of all their Internet Service profiles. However, the Internet Service profiles found in password managers, are normally kept on the PC or mobile phone's disk, in an encrypted form. Our first contribution is a design guideline, whereby the Internet Service profiles never need to touch the client's disk. Most users would benefit, if they had the ability to use MFA, to login to a legacy Internet Service, which only supports ID/PW credential authentication. Our second contribution is a design guideline, whereby users can choose, for each legacy ID/PW Internet Service, which specific MFA they wish to use. We have also presenting conceptual design guidelines, showing that both of our contributions are minor changes to existing password managers, which can be implemented easily with low overhead.

show abstract

Reputation Based Security Model for Android Applications

Cited by 16 publications

References 12 publications

A Security-Related Reputation Scheme of Android Apps Based on NLP Analysis of Comments

A Security-Related Reputation Scheme of Android Apps Based on NLP Analysis of Comments

Android Malware Characterization Using Metadata and Machine Learning Techniques

Stronger authentication for password credential Internet Services

Contact Info

Product

Resources

About