The document discusses a method for classifying Android applications as malicious or clean using Maximum Severity Rating (MSR) classification. MSR calculates the permissions requested by an application and compares it to averages for malicious and clean applications to determine if it is above or below the averages. The method also enhances the permission agreement screen with improved visualization to help users make more informed decisions about granting permissions. The goal is to help non-technical users verify applications properly and reject actually malicious ones based on their permission requests.
2. Introduction
Maximum Severity Rating (MSR)
Classification
EnhancedVisualization of Permission set
Experimental results
Limitation
Conclusion
Q & A
3. Android is widely spreading among Smartphone users, its security
threats are also increasing immensely
In permission model based OS, malicious applications can only
execute malfunctions with previously granted permissions
Attackers require more permissions than what the normal
applications need.
Example> accessing call log, sending SMS and reading contact
information
Our method focuses especially on the procedure of permission
agreement, and concentrate to help the users verifying an
application properly with rejection of a malicious application.
4.
5. Maximum Severity Rating (MSR) classification
attempts to find malicious applications by examining
requested permissions.
MSR classification calculates the permissions set of an
application to inform whether it is malicious or not to
the user
Our method assists the users who do not have
sufficient knowledge about a permission-based
security model.
The final decision to install an application is to be made by
a user
6. 25
25
1
i
i
xMR
xMRrMR
Avg , rMR is sample difference ratio
25
25
1
i
i
xNR
xNRrNR
Avg , rNR is sample difference ratio
25
25
1
i
i
xMR
xMRrMR
Avg , rMR is sample difference ratio
25
25
1
i
i
xNR
xNRrNR
Avg , rNR is sample difference ratio
7. 25
25
1
i
i
xMR
xMRrMR
Avg , rMR is sample difference ratio
25
25
1
i
i
xNR
xNRrNR
Avg , rNR is sample difference ratio
25
25
1
i
i
xMR
xMRrMR
Avg , rMR is sample difference ratio
25
25
1
i
i
xNR
xNRrNR
Avg , rNR is sample difference ratio
8. 25
25
1
i
i
xMR
xMRrMR
Avg , rMR is sample difference ratio
25
25
1
i
i
xNR
xNRrNR
Avg , rNR is sample difference ratio
25
25
1
i
i
xMR
xMRrMR
Avg , rMR is sample difference ratio
25
25
1
i
i
xNR
xNRrNR
Avg , rNR is sample difference ratio
9. An application is indicated as a malicious
application if average value of normal
application is less than malicious application
Otherwise, it is recognized as a clean
application
10. Enhanced visualization based on improved
user interface can lead the users more
cognitive to the risks
A user interface of permission agreement
screen which is redesigned for enhancement
of the ratio to make the right decision
12. Need more samples to conduct more
accurate experimental result.
We used 2 clean / 1 malicious sample apps
How to collect malicious app samples?
13. Maximum Severity Rating(MSR) classification
to indicate a comprehensive assessment of
an application
Enhanced visualization with redesign of a
permission-grant screen to assist an
improvement of right decisions from the
users