Using Probabilistic Generative Models for Ranking Risks of Android Apps
Chris Gates - Purdue University
Feb 06, 2013Size: 161.9MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractOne of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information.
We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic generative models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.
About the SpeakerChristopher Gates is a PhD student in the Computer Science department of Purdue University and a member of CERIAS. He received his Masters Degree in Computer Science in 2005 from Rutgers University, and then worked at a startup company in NYC before deciding to pursue his PhD. His research interests are in information security and machine learning. In particular, his research focuses on using data to help users make more informed and safer security decisions. His research advisor is Prof. Ninghui Li.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.