Attention: There Is An Inconsistency Between Android Permissions And Application Metadata!


Scene 1 (0s)

Attention: There Is An Inconsistency Between Android Permissions And Application Metadata!

Scene 2 (22s)

Contents. Introduction; Related Work; Dataset; A Primer On Deep Learning; Model; Experiments; Conclusion And Future Work; References.

Scene 3 (53s)

Since mobile applications make our lives easier, there are many mobile applications customized for our needs in the application markets. While the application markets provide us a platform for downloading applications, they are also used by malware developers to distribute their malicious applications. From the privacy and security point of view, if the functionality of applications is given in sufficient detail in their descriptions, then the need for the requested permissions can be well understood. In this study, we propose two novel models that address the inconsistencies between the application descriptions and the requested permissions. The proposed models are based on current state-of-the-art neural architectures called attention mechanisms.

Scene 4 (2m 24s)

Introduction. With the developments in mobile technology, mobile devices have become an integral part of our lives. They provide many useful functionalities through mobile applications, such as reading/writing e-mails, mobile banking, and video conferencing. almost 2 million available applications on the official iOS market in the second quarter of 2019. A primary line of defense against such malicious attempts is to prevent them from entering market stores. Two common types of malware analysis and detection techniques are static and dynamic analysis.

Scene 5 (3m 45s)

Related Work. Before installing a mobile application, customers see the initial metadata in the form of screenshots and descriptions. As a result, application descriptions are an essential component of communication between app developers and consumers. App descriptions must therefore provide sufficient information about why a requested risky permission is required, which is known as description-to-permission fidelity. The closest work to the current study in terms of the applied technique has very recently been proposed by Feng et al. Their framework, called AC-Net, also utilizes recurrent neural networks. Some recent studies explore the use of privacy policies for enhancing the description-to-behavior fidelity.

Scene 6 (5m 5s)

Dataset. We use supervised machine learning techniques to find inconsistencies between requested permissions and application descriptions. We have created an annotated description dataset and selected the permissions for this dataset with careful attention. All datasets include both permission sentences and statement sentences, according to whether the sentence includes an indication of a permission or not, respectively.

Scene 7 (5m 56s)


Scene 8 (6m 18s)


Scene 9 (6m 52s)

A Primer On Deep Learning. Multilayer perceptrons: Neural networks are a type of parameterized function approximator. They can represent a highly nonlinear mapping between the input and the output. Here, we introduce multilayer perceptrons (MLPs) and discuss how inference is performed in neural networks. Figure 1 demonstrates a typical MLP with two hidden layers. Recurrent neural networks: Recurrent neural networks (RNNs) are a type of artificial neural network mainly designed to handle sequential data. The primary difference from MLPs is that RNNs share parameters across input features, which enables passing information from history to future time steps.

Scene 10 (8m 48s)

Model. Preprocessing; Sentence-based encoder.

Scene 11 (8m 58s)

Model. We propose two neural network models to infer the required permissions from the metadata of a mobile application to detect any inconsistencies between the requested permissions and the application data. In both models, we use descriptions to detect whether a permission required by an application is explained or not. Recurrent neural networks (RNNs) have shown superior performance on sequential data in the last decade.

Scene 12 (10m 34s)


Scene 13 (11m 8s)

Preprocessing. Prior to processing the sequential data, we preprocess application descriptions. These preprocessing tasks involve sentence tokenization, word tokenization, punctuation removal, stop-word elimination, non-alpha character removal, and stemming.

Scene 14 (11m 58s)

Sentence-based encoder.

Scene 15 (12m 46s)


Scene 16 (13m 15s)

Experiments. Evaluation metrics; Results of the document-based model.

Scene 17 (13m 31s)

Evaluation metrics. There is a significant imbalance between the classes in the AC-Net dataset. For instance, only 522 of 24724 sentences are marked for the Camera permission. Because of this imbalance problem in the dataset, standard accuracy is not appropriate as an evaluation metric. We would have obtained very high accuracy scores based on the classification results for the evaluation.
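The effect of that imbalance, as an added example that is not part of the original slides: using the Camera figures quoted above, a classifier that never predicts the permission gets higher accuracy than one that finds most permission sentences. The second classifier's predictions are constructed for illustration, and precision, recall and F1 are shown as common imbalance-aware measures, not as the metric the authors chose.

```python
from dataclasses import dataclass

TOTAL, POSITIVE = 24724, 522      # Camera figures quoted on the page
NEGATIVE = TOTAL - POSITIVE

@dataclass
class Confusion:
    tp: int = 0
    fp: int = 0
    fn: int = 0
    tn: int = 0

    @property
    def accuracy(self):
        return (self.tp + self.tn) / (self.tp + self.fp + self.fn + self.tn)

    @property
    def precision(self):
        # Defined as 0.0 when nothing is predicted positive (avoids 0/0).
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def recall(self):
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    @property
    def f1(self):
        denom = 2 * self.tp + self.fp + self.fn
        return 2 * self.tp / denom if denom else 0.0

def confusion(y_true, y_pred):
    """Count the four outcomes for binary labels (1 = sentence indicates Camera)."""
    c = Confusion()
    for t, p in zip(y_true, y_pred):
        if t and p: c.tp += 1
        elif p: c.fp += 1
        elif t: c.fn += 1
        else: c.tn += 1
    return c

def compare():
    y_true = [1] * POSITIVE + [0] * NEGATIVE
    always_negative = [0] * TOTAL
    # Constructed detector: finds 450 of the 522 positives, raises 600 false alarms.
    detector = [1] * 450 + [0] * 72 + [1] * 600 + [0] * (NEGATIVE - 600)
    return confusion(y_true, always_negative), confusion(y_true, detector)

if __name__ == "__main__":
    for name, c in zip(("always-negative", "constructed detector"), compare()):
        print(f"{name:22s} acc={c.accuracy:.4f} prec={c.precision:.4f} "
              f"rec={c.recall:.4f} f1={c.f1:.4f}")
```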

Scene 18 (14m 24s)

Results of the document-based model. In this section, the document-based model is evaluated for measuring the description-to-permission fidelity. The sentence-based models proposed for assessing the fidelity might not fit this problem very well, since sentences may be irrelevant if we consider them in isolation. It is not possible to compare sentence-based and document-based models through examples.

Scene 19 (15m 7s)

Table 12. Statistics of AC-Net.
Permissions: READ_CONTACTS, RECORD_AUDIO, READ_CALENDAR, ACCESS_FINE_LOCATION, CALL_PHONE, CAMERA, GET_TASKS, READ_SMS, STORAGE, WRITE_SETTINGS
% of labeled sentences: 3.82, 1.30, 1.17, 2.93, 1.31, 2.12, 1.39, 0.80, 2.12, 5.41, 2.47
% of labeled documents: 30.8, 10.5, 7.3, 21.5, 8.0, 16.1, 10.1, 6.8, 15.0, 40.8, 15.8

Scene 20 (15m 24s)


Scene 21 (16m 5s)

Conclusion And Future Work. In this study, we investigate how natural language processing and recurrent neural networks might be used to solve the description-to-permission fidelity problem in Android apps. Two approaches are proposed to accomplish this: sentence-based and document-based. Because both employ recurrent neural networks, our sentence-based model is comparable to the latest neural model, AC-Net. Our approach, on the other hand, employs an attention technique to capture contextual semantics. Almost all natural language processing tasks have indicated that attention mechanisms perform better. We also include an attention mechanism in our proposed model to recognize permission-related terms in a description sentence, allowing us to give various weights to different description sentences, which sets us apart from AC-Net and previous research on the description-to-permission fidelity problem.

Scene 22 (18m 1s)


Scene 23 (18m 6s)

Thank you.