网络与信息安全学报 (Apr 2021)
Classified risk assessment method of Android application based on multi-factor clustering selection
Abstract
Most existing risk assessments of Android applications directly assign weights to factors according to experience, and calculate security risks by counting the frequency statistics of few factors.A new method for risk assessment of Android applications is proposed, which can provide both quantitative and qualitative assessment.This method integrates multiple risk factors such as system permissions, API calls, the action properties of Intent Filter, and data flow.The risks of factors are assigned based on their risk classification and addition, and the weights of factor subsets are distributed based on hierarchical clustering.Experiments show that the assessment results can effectively reflect the real security risks of Android applications.