CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Using Probabilistic Generative Models for Ranking Risks of Android Apps

Chris Gates - Purdue University

Feb 06, 2013

Size: 161.9MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information.

We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic generative models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.

About the Speaker

Christopher Gates is a PhD student in the Computer Science department of Purdue University and a member of CERIAS. He received his Masters Degree in Computer Science in 2005 from Rutgers University, and then worked at a startup company in NYC before deciding to pursue his PhD. His research interests are in information security and machine learning. In particular, his research focuses on using data to help users make more informed and safer security decisions. His research advisor is Prof. Ninghui Li.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.