IABC: Towards a hybrid framework for analyzing and classifying behaviour of iOS applications using static and dynamic analysis. (August 2018)

Record Type:: Journal Article
Title:: IABC: Towards a hybrid framework for analyzing and classifying behaviour of iOS applications using static and dynamic analysis. (August 2018)
Main Title:: IABC: Towards a hybrid framework for analyzing and classifying behaviour of iOS applications using static and dynamic analysis
Authors:: Bhatt, Arpita Jadhav
Gupta, Chetna
Mittal, Sangeeta
Abstract:: Highlights: Research work aims minimizing the privacy threats for end users. Model estimates the risk relevance of iOS permissions by using ranking algorithms. Model classifies an iOS application as benign or malicious. Model monitors misuse of risky permission across different application categories. Model proposes and implements dynamic analysis of iOS applications during run-time. Abstract: Is this app safe to use? - A wrong decision can result in privacy breach in iOS devices. In this digital era users extensively use smart devices to store their personal and important information. To ease users' tasks, thousands of free or paid apps are available in app store. However, recent studies reveal startling facts about various attacks and data harvesting incidents through these apps, where personal data is put at risk. Through this paper, we propose a permission induced risk model- iOS Application analyzer and Behavior Classifier (iABC), for iOS devices to detect privacy violations arising due to granting permissions during installation of applications. It is a two-layer process comprising of static and dynamic analysis. It uses reverse engineering to extract permission variables from applications and computes a risk score for each application using ranking algorithms. The approach considers application's category as a key feature for detecting malicious applications while computing static risk score. Different machine learning classifiers were employed to evaluate 1, 150 … (more)
Is Part Of:: Journal of information security and applications. Volume 41(2018)
Journal:: Journal of information security and applications
Issue:: Volume 41(2018)
Issue Display:: Volume 41, Issue 2018 (2018)
Year:: 2018
Volume:: 41
Issue:: 2018
Issue Sort Value:: 2018-0041-2018-0000
Page Start:: 144
Page End:: 158
Publication Date:: 2018-08
Subjects:: iOS applications -- Reverse engineering -- Machine learning -- Static analysis -- Dynamic analysis -- Static risk score
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805
Journal URLs:: http://www.sciencedirect.com/ ↗
DOI:: 10.1016/j.jisa.2018.07.005 ↗
Languages:: English
ISSNs:: 2214-2126
Deposit Type:: Legaldeposit
View Content:: Available online (eLD content is only available in our Reading Rooms) ↗
Physical Locations:: British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
Ingest File:: 7162.xml