Study and Ranking of Vulnerabilities in the Indian Mobile Banking Applications Using Static Analysis and Bayes Classification

Abstract

Banking has stepped into the world with high-tech makeover by making the services as digitalized by means of mobile applications. Due to this digitalization, customer satisfaction and ease of use improved, especially in the case of retail banking. At the same time, there is a chance of getting our data compromised due to vulnerabilities in the mobile banking applications. These vulnerabilities exposed to threats may lead to security risk and finally cause damage to our assets. The quest to identify vulnerabilities in the mobile applications is now an emerging research area. Because, in previous days, hackers did damage to our assets for their fame but now, they are trying for espionage action and for getting the financial gain. We analyzed mobile applications of reputed banks in India. The main focus of this work is twofold. First, static code analysis (SCA) tools are used in this work to identify the vulnerabilities. But SCA tools are infeasible because of raising unexploitable vulnerabilities. Second, to partially solve this issue, we used machine learning classification algorithm for calculating the occurrence rate of the vulnerability in the mobile applications. We are alerting the banks by assigning rank to each vulnerability in the application based on the impact caused by that vulnerability by coupling the occurrence rate with severity score calculated by using common vulnerability scoring system (CVSS) score.