Abstract

Mobile systems face a number of application vulnerabilities that can be combined and used to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security risks posed by each mobile application (app), thus gaining a stronger understanding of any vulnerabilities present. This paper aims to develop a three-layer framework that assesses the potential risks which apps introduce within Android mobile systems. A Bayesian risk graphical model is proposed to evaluate risk propagation in a layered risk architecture. By integrating static analysis, dynamic analysis, and behavior analysis in a hierarchical framework, the risks and their propagation through each layer are well modeled by the Bayesian risk graph, which can quantitatively analyze the risks faced by both apps and mobile systems. The proposed hierarchical Bayesian risk graph model offers a novel way to investigate security risks in the mobile environment and enables users and administrators to evaluate the potential risks. This strategy helps strengthen both app security and the security of the entire system.

Highlights

  • The Android-based platform has reached the top of the smartphone market, and claimed nearly 79% of smartphone share in 2013 [1], [2]

  • The overall malware detection rate among 1,260 samples can be as low as 15.32% even with Google's new application verification service [2], and its anti-virus tools give an overall detection rate of 20.41% [3], which is significantly lower than that of third-party anti-virus apps, which range from 51.02% to 100% [1]–[4]

  • This paper aims to develop a risk analysis framework to systematically assess the potential risks present in a mobile system


Summary

INTRODUCTION

The Android-based platform has reached the top of the smartphone market, and claimed nearly 79% of smartphone share in 2013 [1], [2]. The hierarchical Bayesian risk graph (HBRG) features: (1) unlike most existing static analysis approaches, the model integrates potential risk analysis across a static risk layer, a dynamic risk layer, and a behavioral risk layer; (2) it helps users find the dominating risk causes; (3) it can determine out-system causes and effects (e.g. for two different mobile systems A and B, it can analyse the probability that B will fail if A fails); and (4) it provides risk scores, so that when evaluating the potential risks in a mobile system, the model grades each application with an app-related risk score as well as a score for the whole mobile system.

CHALLENGES IN MOBILE RISKS ANALYSIS
MOBILE SYSTEMS RISK MODELING
Bayesian Risks Graph Model
Hierarchical BRG The HBRG is a hierarchical model formed by a three layer
HIERARCHICAL RISK ASSESSMENT WITH BRGS
Static Risk Analysis
Dynamic Risk Analysis
Behavior Risk Analysis
Risk Score
Contributory Causes Tracking
Determining out-system causal effects
RISKS ANALYSIS WITH HBRG - A CASE STUDY
Findings
SUMMARY AND FUTURE WORK