SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks

SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks

Insecure applications (apps) are increasingly used to steal users’ location information for illegal purposes, which has aroused great concern in recent years. Although the existing methods, i.e., static and dynamic taint analysis, have shown great merit for identifying such apps, which mainly rely o...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Guangwu Hu, Bin Zhang, Xi Xiao, Weizhe Zhang, Long Liao, Ying Zhou, Xia Yan
Formato: article
Lenguaje:EN
Publicado: MDPI AG 2021
Materias:
android
machine learning
static taint analysis
dynamic taint analysis
location privacy protection
Science
Q
Astrophysics
QB460-466
Physics
QC1-999
Acceso en línea:https://doaj.org/article/a59ad402148c4998bb7a63e93287ea21
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:a59ad402148c4998bb7a63e93287ea21
record_format dspace
spelling oai:doaj.org-article:a59ad402148c4998bb7a63e93287ea212021-11-25T17:30:05ZSAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks10.3390/e231114891099-4300https://doaj.org/article/a59ad402148c4998bb7a63e93287ea212021-11-01T00:00:00Zhttps://www.mdpi.com/1099-4300/23/11/1489https://doaj.org/toc/1099-4300Insecure applications (apps) are increasingly used to steal users’ location information for illegal purposes, which has aroused great concern in recent years. Although the existing methods, i.e., static and dynamic taint analysis, have shown great merit for identifying such apps, which mainly rely on statically analyzing source code or dynamically monitoring the location data flow, identification accuracy is still under research, since the analysis results contain a certain false positive or true negative rate. In order to improve the accuracy and reduce the misjudging rate in the process of vetting suspicious apps, this paper proposes SAMLDroid, a combined method of static code analysis and machine learning for identifying Android apps with location privacy leakage, which can effectively improve the identification rate compared with existing methods. SAMLDroid first uses static analysis to scrutinize source code to investigate apps with location acquiring intentions. Then it exploits a well-trained classifier and integrates an app’s multiple features to dynamically analyze the pattern and deliver the final verdict about the app’s property. Finally, it is proved by conducting experiments, that the accuracy rate of SAMLDroid is up to 98.4%, which is nearly 20% higher than Apparecium.Guangwu HuBin ZhangXi XiaoWeizhe ZhangLong LiaoYing ZhouXia YanMDPI AGarticleandroidmachine learningstatic taint analysisdynamic taint analysislocation privacy protectionScienceQAstrophysicsQB460-466PhysicsQC1-999ENEntropy, Vol 23, Iss 1489, p 1489 (2021)
institution DOAJ
collection DOAJ
language EN
topic android
machine learning
static taint analysis
dynamic taint analysis
location privacy protection
Science
Q
Astrophysics
QB460-466
Physics
QC1-999
spellingShingle android
machine learning
static taint analysis
dynamic taint analysis
location privacy protection
Science
Q
Astrophysics
QB460-466
Physics
QC1-999
Guangwu Hu
Bin Zhang
Xi Xiao
Weizhe Zhang
Long Liao
Ying Zhou
Xia Yan
SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks
description Insecure applications (apps) are increasingly used to steal users’ location information for illegal purposes, which has aroused great concern in recent years. Although the existing methods, i.e., static and dynamic taint analysis, have shown great merit for identifying such apps, which mainly rely on statically analyzing source code or dynamically monitoring the location data flow, identification accuracy is still under research, since the analysis results contain a certain false positive or true negative rate. In order to improve the accuracy and reduce the misjudging rate in the process of vetting suspicious apps, this paper proposes SAMLDroid, a combined method of static code analysis and machine learning for identifying Android apps with location privacy leakage, which can effectively improve the identification rate compared with existing methods. SAMLDroid first uses static analysis to scrutinize source code to investigate apps with location acquiring intentions. Then it exploits a well-trained classifier and integrates an app’s multiple features to dynamically analyze the pattern and deliver the final verdict about the app’s property. Finally, it is proved by conducting experiments, that the accuracy rate of SAMLDroid is up to 98.4%, which is nearly 20% higher than Apparecium.
format article
author Guangwu Hu
Bin Zhang
Xi Xiao
Weizhe Zhang
Long Liao
Ying Zhou
Xia Yan
author_facet Guangwu Hu
Bin Zhang
Xi Xiao
Weizhe Zhang
Long Liao
Ying Zhou
Xia Yan
author_sort Guangwu Hu
title SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks
title_short SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks
title_full SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks
title_fullStr SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks
title_full_unstemmed SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks
title_sort samldroid: a static taint analysis and machine learning combined high-accuracy method for identifying android apps with location privacy leakage risks
publisher MDPI AG
publishDate 2021
url https://doaj.org/article/a59ad402148c4998bb7a63e93287ea21
work_keys_str_mv AT guangwuhu samldroidastatictaintanalysisandmachinelearningcombinedhighaccuracymethodforidentifyingandroidappswithlocationprivacyleakagerisks
AT binzhang samldroidastatictaintanalysisandmachinelearningcombinedhighaccuracymethodforidentifyingandroidappswithlocationprivacyleakagerisks
AT xixiao samldroidastatictaintanalysisandmachinelearningcombinedhighaccuracymethodforidentifyingandroidappswithlocationprivacyleakagerisks
AT weizhezhang samldroidastatictaintanalysisandmachinelearningcombinedhighaccuracymethodforidentifyingandroidappswithlocationprivacyleakagerisks
AT longliao samldroidastatictaintanalysisandmachinelearningcombinedhighaccuracymethodforidentifyingandroidappswithlocationprivacyleakagerisks
AT yingzhou samldroidastatictaintanalysisandmachinelearningcombinedhighaccuracymethodforidentifyingandroidappswithlocationprivacyleakagerisks
AT xiayan samldroidastatictaintanalysisandmachinelearningcombinedhighaccuracymethodforidentifyingandroidappswithlocationprivacyleakagerisks
_version_ 1718412303602286592

Ejemplares similares