论文信息 - Predicting vulnerable classes in an Android application

Predicting vulnerable classes in an Android application

Smart phones have been outselling PCs for several years. The Android operating system dominates the smart phone market, and the Android Market (now Google Play Store) recently passed the mark of 15 billions application downloads. Therefore, there is a large base of users that is attractive for hackers to target. In this paper, we will examine the questions of whether mobile applications developed for the Android platform are vulnerable or not, and how to predict which classes of an Android application are vulnerable. This paper approaches an answer to these questions by analyzing one very popular application of the Android Market and developing a vulnerability prediction model with high accuracy (over 80%) and precision (over 75%).

Riccardo Scandariato | James Walden | R. Scandariato | J. Walden

[1] Michael Gegick,et al. Predicting attack-prone components with source code static analyzers , 2009 .

[2] James Walden,et al. SAVI: Static-Analysis Vulnerability Indicator , 2012, IEEE Security & Privacy.

[3] Andreas Zeller,et al. Predicting vulnerable software components , 2007, CCS '07.

[4] Patrick D. McDaniel,et al. Not So Great Expectations: Why Application Markets Haven't Failed Security , 2010, IEEE Security & Privacy.

[5] David A. Wagner,et al. Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[6] James Walden,et al. An Empirical Study of the Evolution of PHP Web Application Security , 2011, 2011 Third International Workshop on Security Measurements and Metrics.

[7] Laurie A. Williams,et al. Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities , 2011, IEEE Transactions on Software Engineering.