Clustering and Visualization of Mobile Application Permissions for End Users and Malware Analysts


Canbek G., BAYKAL N., SAĞIROĞLU Ş.

5th International Symposium on Digital Forensic and Security (ISDFS), Tirgu Mures, Romanya, 26 - 28 Nisan 2017 identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Basıldığı Şehir: Tirgu Mures
  • Basıldığı Ülke: Romanya
  • Orta Doğu Teknik Üniversitesi Adresli: Evet

Özet

Application permissions at the core of Android security mechanism are the first leading transparent feature for users to assess any mobile application before download or installation and for experts to analyse any malware. Representing vast, dispersed permissions and achieving clarity is not a trivial matter. In this study, we first examined Android permissions, their groups and formal representations with the limitations. We also surveyed limited studies on clustering/visualization of permissions. We grouped 251 Android permissions into 12 clusters semantically and mimed a new visualization approach that looks more conventional to both end users and experts and helps comprehending permissions easily and quickly. We applied the proposed clustering and visualization on calculated discriminative malign permissions concept for malware analysis and demonstrated potential effectiveness of the approach. Our approach improves expressing and understanding of large number of mobile application permissions in a better context, provides more understanding and insight, and helps interpreting or inferring interesting patterns related to permissions for malware classification.