Journal of Tsinghua University(Science and Technology)    2018, Vol. 58 Issue (2) : 131-136     DOI: 10.16511/j.cnki.qhdxxb.2018.26.007
COMPUTER SCIENCE AND TECHNOLOGY
Credit index measurement method for Android application security based on AHP
XU Junfeng1, WANG Jiajie1, ZHU Kelei1, ZHANG Puhan1, MA Yufei2
1. China Information Technology Security Evaluation Center, Beijing 100085, China;
2. School of Software, University of Science and Technology of China, Hefei 230026, China
Abstract  The openness and popularity of Android systems have resulted in Android applications facing serious security risks such as malicious injection and re-packaging. Traditional measurement methods for Android software security can generally determine the security level of an application, but they cannot provide accurate software credit measurements or security index sorting. After a reverse analysis of the Android software, this paper assigns a safety coefficient that indicates the scope of security for the security classification. Then, the analytic hierarchy process (AHP) evaluation model is used to produce a preliminary safety score for the Android software. Meanwhile, the certification strength of the Android software and its violation records in the external application market are used in a second calculation that yields the final AHP security index. Tests show that this measurement method can accurately measure the security index of Android software products.
Keywords Android reverse engineering      Android security measurement      analytic hierarchy process     
ZTFLH:  TP319.4  
Issue Date: 15 February 2018
Cite this article:   
XU Junfeng,WANG Jiajie,ZHU Kelei, et al. Credit index measurement method for Android application security based on AHP[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 131-136.
URL:  
http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2018.26.007     OR     http://jst.tsinghuajournals.com/EN/Y2018/V58/I2/131