Malicious iOS apps detection through Multi-Criteria Decision-Making Approach
Abstract
In today’s era, smartphones are used in daily lives because they are ubiquitous and can be customized by installing third-party apps. As a result, the menaces because of these apps, which are potentially risky for user’s privacy, have increased. Information on smartphones is perhaps, more personal than compared to data stored on desktops or computers, making it an easy target for intruders. After Android, the most prevalently used mobile operating system is Apple’s iOS. Both Android and iOS follow permission-based access control to prevent user’s privacy. However, the users are unaware whether the app is breaching the user’s privacy. To combat this problem, in the paper we propose a hybrid approach to detect malicious iOS apps based on its permissions. In the first phase weights have been assigned to app permissions using multi-criteria decision-making approach namely Analytic Hierarchy Process (AHP) and in the second phase machine learning & ensemble learning techniques have been employed to train the classifiers for detecting malicious apps. To test the efficacy of the proposed method dataset comprising of 1150 apps from 12 app categories has been used. The results demonstrate the proposed approach improves the efficacy of detecting malicious iOS apps for majority of categories.References
Wikipedia, “iOS.” https://en.wikipedia.org/wiki/IOS (accessed Apr. 06, 2021).
Apple Inc., “App Store Downloads on iTunes.” https://apps.apple.com/in/genre/ios/id36 (accessed Apr. 06, 2021).
J. Erickson, C. Gibler, J. Crussell, and H. Chen, “AndroidLeaks: Detecting Privacy Leaks In Android Applications,” pp. 1–17, 2011, [Online]. Available: http://www.cs.ucdavis.edu/research/tech-reports/2011/CSE-2011-10.pdf.
B. Krupp, “Enhancing Security And Privacy For Mobile Systems,” Dr. Diss. Dep. Electr. Comput. Eng. Clevel. State Univ., p. 148, 2015.
J. Khan, H. Abbas, and J. Al-Muhtadi, “Survey on mobile user’s data privacy threats and defense mechanisms,” Procedia Comput. Sci., vol. 56, no. 1, pp. 376–383, 2015, doi: 10.1016/j.procs.2015.07.223.
WIRED, “Thousands of Android and iOS Apps Leak Data From the Cloud.” https://www.wired.com/story/ios-android-leaky-apps-cloud/ (accessed Apr. 07, 2021).
R. Millman, “Oxford researchers expose personal data harvesting in third-party Facebook and Google apps.” https://www.itpro.co.uk/privacy/32190/oxford-researchers-expose-personal-data-harvesting-in-third-party-facebook-and-google (accessed Apr. 07, 2021).
Ptsecurity.com, “Vulnerability and threats in mobile applications,” Ptsecurity.Com, 2019.
P. Xiong, X. Wang, W. Niu, T. Zhu, and G. Li, “Android malware detection with contrasting permission patterns,” China Commun., vol. 11, no. 8, pp. 1–14, 2014, doi: 10.1109/CC.2014.6911083.
X. Liu and J. Liu, “A two-layered permission-based android malware detection scheme,” Proc. - 2nd IEEE Int. Conf. Mob. Cloud Comput. Serv. Eng. MobileCloud 2014, vol. 128, pp. 142–148, 2014, doi: 10.1109/MobileCloud.2014.22.
D. Congyi and S. Guangshun, “Method for Detecting Android Malware Based on Ensemble Learning,” ACM Int. Conf. Proceeding Ser., pp. 28–31, 2020, doi: 10.1145/3409073.3409084.
L. D. Coronado-De-Alba, A. Rodriguez-Mota, and P. J. Escamilla-Ambrosio, “Feature selection and ensemble of classifiers for Android malware detection,” 2016 8th IEEE Latin-American Conf. Commun. LATINCOM 2016, vol. 128, pp. 2–7, 2016, doi: 10.1109/LATINCOM.2016.7811605.
F. Idrees, M. Rajarajan, M. Conti, T. M. Chen, and Y. Rahulamathavan, “PIndroid: A novel Android malware detection system using ensemble learning methods,” Comput. Secur., vol. 68, pp. 36–46, 2017, doi: 10.1016/j.cose.2017.03.011.
T. G. Mesevage, “Machine Learning Classifiers - The Algorithms & How They Work.” https://monkeylearn.com/blog/what-is-a-classifier/ (accessed May 28, 2021).
V. Zhou, “Machine Learning for Beginners: An Introduction to Neural Networks .” https://towardsdatascience.com/machine-learning-for-beginners-an-introduction-to-neural-networks-d49f22d238f9 (accessed May 28, 2021).
A. J. Bhatt, C. Gupta, and S. Mittal, “iABC: Towards a hybrid framework for analyzing and classifying behaviour of iOS applications using static and dynamic analysis,” J. Inf. Secur. Appl., vol. 41, pp. 144–158, 2018, doi: 10.1016/j.jisa.2018.07.005.
T. L. Saaty, “Decision making with the analytic hierarchy process,” 2008.
DOI:
https://doi.org/10.31449/inf.v49i1.5664Downloads
Published
Issue
Section
License
I assign to Informatica, An International Journal of Computing and Informatics ("Journal") the copyright in the manuscript identified above and any additional material (figures, tables, illustrations, software or other information intended for publication) submitted as part of or as a supplement to the manuscript ("Paper") in all forms and media throughout the world, in all languages, for the full term of copyright, effective when and if the article is accepted for publication. This transfer includes the right to reproduce and/or to distribute the Paper to other journals or digital libraries in electronic and online forms and systems.
I understand that I retain the rights to use the pre-prints, off-prints, accepted manuscript and published journal Paper for personal use, scholarly purposes and internal institutional use.
In certain cases, I can ask for retaining the publishing rights of the Paper. The Journal can permit or deny the request for publishing rights, to which I fully agree.
I declare that the submitted Paper is original, has been written by the stated authors and has not been published elsewhere nor is currently being considered for publication by any other journal and will not be submitted for such review while under review by this Journal. The Paper contains no material that violates proprietary rights of any other person or entity. I have obtained written permission from copyright owners for any excerpts from copyrighted works that are included and have credited the sources in my article. I have informed the co-author(s) of the terms of this publishing agreement.
Copyright © Slovenian Society Informatika
