Zhengyang Qu 1 Vaibhav Rastogi 1 Xinyi Zhang 12 Yan Chen 1 Tiantian Zhu 3 and Zhong Chen 4 1 1 Northwestern University IL US 2 Fudan University Shanghai China ID: 1038712
Download Presentation The PPT/PDF document "AutoCog: Measuring the Description-to-pe..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1. AutoCog: Measuring the Description-to-permission Fidelity in Android ApplicationsZhengyang Qu1, Vaibhav Rastogi1, Xinyi Zhang1,2, Yan Chen1, Tiantian Zhu3, and Zhong Chen411Northwestern University, IL, US, 2Fudan University, Shanghai, China, 3Zhejiang University, Hangzhou, China,4Wind Mobile, Toronto, Canada
2. OutlineProblem StatementApproach & DesignEvaluationConclusions2
3. OutlineProblem StatementApproach & DesignEvaluationConclusions3
4. MotivationsAndroid Permission SystemAccess control by permission systemFew users can understand security implications from requested permissions User expectation v.s. Application BehaviorUser expectation based on application descriptionPermission defines application behaviorAssess how well permission align with description4
5. Desired SystemsApplication developersEnd users Requirements:Rich semantic informationIndependent of external resourceAutomation5
6. Challenge & ContributionsInferring description semanticsSimilar meaning may be conveyed in a vast diversity of natural language text“friends”, “contact list”, “address book”Correlating description semantics with permission semanticsA number of functionalities described may map to the same permission“enable navigation”, “display map”, “find restaurant nearby”61. Leverage stat-of-the-art NLP techniques2. Design a learning-based algorithm
7. System PrototypeAvailable on Google Playhttps://play.google.com/store/apps/details?id=com.version1.autocog7
8. OutlineProblem StatementApproach & DesignDescription Semantics (DS) ModelDescription-to-Permission Relatedness (DPR) ModelEvaluationConclusion8
9. System Overview9
10. System Overview10
11. System Overview11
12. Ontology modelingLogical dependency between verb phrase and noun phrase<“scan”, “barcode”> for CAMERA, <“record”, “voice”> for RECORD_AUDIOLogical dependency between noun phrases <“scanner”, “barcode”>, <“note”, “voice”>Noun phrase with possessive<“your”, “camera”>, <“own”, “voice”>12
13. Description Semantics Model (Contribution 1)Extract Abstract SemanticsExplicit Semantic Analysis (ESA)Computing the semantic relatedness of textsLeverage a big document corpus (Wikipedia) as the knowledge base and constructs a vector representationAdvantages:Rich semantic information, Quantitative representation of semantics13
14. Description-to-Permission Relatedness (DPR) Model (Contribution 2)Learning-based methodInput: application permission, application descriptionOutput: <np-counterpart, noun phrase> correlated with each sensitive permission14
15. Samples in DPR ModelPermissionSemantic PatternsWRITE_EXTERNAL_STORAGE<delete, audio file>, <convert, file format>ACCESS_FINE_LOCATION<display, map>, <find, branch atm>, <your location>ACCESS_COARSE_LOCATION<set, gps navigation>, <remember, location>GET_ACCOUNTS<manage, account>, <integrate, facebook>RECEIVE_BOOT_COMPLETED<change, hd paper>, <display, notification>CAMERA<deposit, check>, <scanner, barcode>, <snap, photo>READ_CONTACTS<block, text message>, <beat, facebook friend>RECORD_AUDIO<send, voice message>, <note, voice>WRITE_SETTINGS<set, ringtone>, <enable, flight mode>WRITE_CONTACTS<wipe, contact list>, <secure, text message>READ_CALENDAR<optimize, time>, <synchronize, calendar>15
16. Learning Algorithm for DPRS1: Grouping noun phrasesCreate semantic relatedness score matrix <“map”, [(“map”, 1.00), (“map view”, 0.96), (“interactive map”, 0.89), …]>S2: Selecting Noun Phrases Correlated with PermissionsNot biased to frequently occurring noun phrasesJointly consider conditional probabilities:P(perm | np) and P(np | perm)16
17. Learning Algorithm for DPR(cont’d)S3: Pairing np-counterpart with Noun Phrase“Retrieve Running Apps permission is required because, if the user is not looking at the widget actively (for e.g. he might using another app like Google Maps)”17
18. OutlineProblem StatementApproach & DesignEvaluationConclusions18
19. EvaluationTraining set: 36,060 applicationsValidation set: 1,785 applications (150-200 for each permissions), 11 sensitive permissions19
20. Closely Related WorkWhyper, Pandita et al., USENIX Security 2013Leverages API documentation to generate a semantics modelAPIs are mapped to permissions using PScoutLimitationsLimited semantic information“Blow into the mic to extinguish the flame…” for RECORD_AUDIO permission not in API documentLack of associated APIsRECEIVE_BOOT_COMPLETED has no associated APIsLack of automation20
21. Accuracy Comparison21SystemPrecision (%)Recall (%)F-score (%)Accuracy (%)AutoCog92.692.092.393.2Whyper85.566.574.879.9
22. Results22Case Studies:AutoCog TP/ Whyper FN:“Filter by contact, in/out SMS”, “5 calendar views”AutoCog TN/Whyper FP“Saving event attendance status now works on Android 4.0”AutoCog FN/Whyper TP“Ability to navigate to a Contact if that Contact has address”AutoCog FP/Whyper TN“Set recording as ringtone”Latency: 4.5 s check an application
23. ConclusionsAutoCog is a system to measure the description-to-permission fidelityLearning-based algorithm to generate DPR model, better accuracy performance, ability to extend over other permissionsOngoing workOptimize the training algorithm to improve the scalabilitySimplify our semantics models23
24. AutoCog App24
25. 25Thank you!http://list.cs.northwestern.edu/mobile/Questions?
26. NLP ModuleSentence boundary disambiguation (SBD)Description is split into sentences for subsequent sentence structure analysis (Stanford Parser)Grammatical structure analysisStanford Parser outputs typed dependencies and PoS tagging of each wordExtract pairs of noun phrase and np-counterpartRemove stopwords and named entities; Normalized by lowercasing and lemmatization26
27. Description-to-Permission Relatedness (DPR) Model (Contribution 2)27
28. DecisionExtract all pairs of noun phrase and np-counterpartCondition:28
29. Deployment29
30. DPR Model (cont’d)Pairing np-counterpart with Noun PhraseTo explore the context and semantic dependenciesSP: total number of descriptions where the pair <nc, np’> is detected, the number of application requesting the permission is 30
31. Measurement ResultsAnother 45,811 applications, DPR model trained in accuracy evaluation31Negative correlation between the number of questionable permissions of one application by a specific developer with the total number of applications published by that developer:r = -0.405, p < 0.001
32. Backup32
33. Back up33