迈向应用程序勾结的威胁评估框架。

Towards a threat assessment framework for apps collusion.

作者信息

Kalutarage Harsha Kumara, Nguyen Hoang Nga, Shaikh Siraj Ahmed

机构信息

1The Centre for Secure Information Technologies, Queen's University of Belfast, Belfast, UK.

2Centre for Mobility and Transport Research, Coventry University, Coventry, CV1 5FB UK.

出版信息

Telecommun Syst. 2017;66(3):417-430. doi: 10.1007/s11235-017-0296-1. Epub 2017 Mar 7.

DOI:10.1007/s11235-017-0296-1

PMID:32009772

原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC6961490/

Abstract

App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel Security.

摘要

应用程序勾结是指两个或多个应用程序协同工作以实现恶意目标，而这些目标是它们单独无法实现的。安卓基于权限的安全模型无法应对这种威胁，因为它在很大程度上仅限于降低单个应用程序的风险。本文提出了一种量化勾结威胁的技术，这实际上是评估勾结风险的第一步。鉴于可用安卓应用程序数量众多，所提出的方法有助于找到感兴趣的勾结候选对象，这一点至关重要。我们使用英特尔安全提供的超过29000个安卓应用程序的分类语料库进行了实证分析。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/7a04/6961490/8624a7e9041c/11235_2017_296_Fig1_HTML.jpg

相似文献

Towards a threat assessment framework for apps collusion.迈向应用程序勾结的威胁评估框架。

Telecommun Syst. 2017;66(3):417-430. doi: 10.1007/s11235-017-0296-1. Epub 2017 Mar 7.

A detection method for android application security based on TF-IDF and machine learning.基于 TF-IDF 和机器学习的安卓应用安全检测方法。

PLoS One. 2020 Sep 11;15(9):e0238694. doi: 10.1371/journal.pone.0238694. eCollection 2020.

MADFU: An Improved Malicious Application Detection Method Based on Features Uncertainty.MADFU：一种基于特征不确定性的改进型恶意应用检测方法。

Entropy (Basel). 2020 Jul 20;22(7):792. doi: 10.3390/e22070792.

Protecting contacts against privacy leaks in smartphones.保护智能手机中的联系人隐私不泄露。

PLoS One. 2018 Jul 11;13(7):e0191502. doi: 10.1371/journal.pone.0191502. eCollection 2018.

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android.探索移动健康的另一面：iOS 和 Android 上移动健康应用的信息安全和隐私。

JMIR Mhealth Uhealth. 2015 Jan 19;3(1):e8. doi: 10.2196/mhealth.3672.

FSDroid:- A feature selection technique to detect malware from Android using Machine Learning Techniques: FSDroid.FSDroid：一种使用机器学习技术从安卓系统中检测恶意软件的特征选择技术：FSDroid。

Multimed Tools Appl. 2021;80(9):13271-13323. doi: 10.1007/s11042-020-10367-w. Epub 2021 Jan 14.

Risk Assessment for Mobile Systems Through a Multilayered Hierarchical Bayesian Network.通过多层分层贝叶斯网络评估移动系统的风险。

IEEE Trans Cybern. 2016 Aug;46(8):1749-59. doi: 10.1109/TCYB.2016.2537649. Epub 2016 Apr 4.

Can You Hear Me Now? Audio and Visual Interactions That Change App Choices.你现在能听到我说话吗？改变应用选择的音频和视觉交互。

Front Psychol. 2020 Oct 15;11:2227. doi: 10.3389/fpsyg.2020.02227. eCollection 2020.

An Android Communication App Forensic Taxonomy.一款安卓通信应用取证分类法。

J Forensic Sci. 2016 Sep;61(5):1337-50. doi: 10.1111/1556-4029.13164. Epub 2016 Jul 22.

Security Recommendations for mHealth Apps: Elaboration of a Developer's Guide.移动医疗应用安全建议：开发者指南详述。

J Med Syst. 2016 Jun;40(6):152. doi: 10.1007/s10916-016-0513-6. Epub 2016 May 4.

引用本文的文献

An accurate approach to discriminate android colluded malware from single app malware using permissions intelligence.一种利用权限智能来区分安卓协同恶意软件和单个应用恶意软件的准确方法。

Sci Rep. 2025 Mar 28;15(1):10680. doi: 10.1038/s41598-025-86568-w.

文献AI研究员

20分钟写一篇综述，助力文献阅读效率提升50倍。

立即体验

用中文搜PubMed

大模型驱动的PubMed中文搜索引擎

马上搜索

文档翻译

学术文献翻译模型，支持多种主流文档格式。

立即体验

迈向应用程序勾结的威胁评估框架。

Towards a threat assessment framework for apps collusion.

作者信息

机构信息

出版信息

相似文献

引用本文的文献

文献AI研究员

用中文搜PubMed

文档翻译

Suppr 超能文献

相似文献

引用本文的文献