ScienceDirect A Novel Approach to Detect Android ...

Available online at www.sciencedirect.com

ScienceDirect Procedia Computer Science 45 (2015) 407 – 417

,QWHUQDWLRQDO&RQIHUHQFHRQ$GYDQFHG&RPSXWLQJ7HFKQRORJLHVDQG$SSOLFDWLRQV,&$&7$  

$1RYHO$SSURDFKWR'HWHFW$QGURLG0DOZDUH  a

6KDLNK%XVKUD$OPLQD0DGKXPLWD&KDWWHUMHHE

Department of Information Technology, Pillai’s Institute of Information Technology, Navi Mumbai, India [email protected] b Department of Computer Engineering, Pillai’s Institute of Information Technology, Navi Mumbai, India [email protected]

$EVWUDFW $QGURLG LV WKH ZRUOG¶V PRVW SRSXODU DQG WKH ODUJHVW LQVWDOOHG EDVH RI DQ\ PRELOH SODWIRUP ,W KDV JDLQHG KXJH SRSXODULW\ DPRQJ6PDUWSKRQHVDQGLVJURZLQJYHU\IDVWEHFDXVHLWJLYHVLWVXVHUVDZRUOGFODVVSODWIRUPIRUFUHDWLQJDSSVDQGJDPHVDQG DOORZVWKHPWREHGLVWULEXWHGLQVWDQWO\6HFRQGO\LWDOVRRIIHUVDPSOHIUHHWKLUGSDUW\DSSOLFDWLRQVWREHGRZQORDGHGDQGLQVWDOOHG IURP*RRJOH3OD\WKHSUHPLHUPDUNHWSODFHIRUVHOOLQJDQGGLVWULEXWLQJ$QGURLGDSSV$QGURLGRSHQQHVVKDVPDGHLWDIDYRXULWH IRUXVHUVDQGGHYHORSHUVDOLNH0DQ\DSSVDUHJHWWLQJGRZQORDGHGE\WKHXVHUIURPSOD\VWRUHHYHU\PRQWK+RZHYHUGXHWRWKLV WKH QXPEHU RI KDUPIXO DSSV LQ WKH IRUP RI PDOZDUHV JHWWLQJ GRZQORDGHG DUH DOVR LQFUHDVLQJ 7KHVH PDOZDUHV SHUIRUPV WKH YDULRXV DFWLYLWLHV EHKLQG WKH VFHQH VXFK DV VWHDOLQJ YDULRXV VHQVLWLYH LQIRUPDWLRQ RI WKH XVHUV DQG VLJQLQJ XS YLFWLPV WR VXEVFULSWLRQVHUYLFHV$VDUHVXOWRIWKLVXVHUVDUHJHWWLQJDIIHFWHGDQGWKHLUSULYDF\JHWVFRPSURPLVHG$VGHYHORSHUVDUHDOVR IUHHWRGHYHORSDQGSXEOLVKWKHLURZQFUHDWLRQLQDSOD\VWRUHZLWKRXWXQGHUJRLQJDQ\VFUXWLQ\RIWKHLUDSSVWKH\WHQGWRWDNHWKH DGYDQWDJHRIXVHU¶VLQDELOLW\WRDQDO\]HWKHULVNRIVXFKDSSV 7KLV SDSHU SURSRVHV D V\VWHP ZKLFK ZRXOG KHOS WKH XVHUV LQ DQDO\VLQJ DQG UHPRYLQJ VXFK KDUPIXO DSSV DQG WKHUHE\ SURWHFWLQJ WKHLU VHFXULW\ DQG SULYDF\ 7KLV LV DFKLHYHG E\ DQDO\VLQJ WKH YDULRXV SHUPLVVLRQV XVHG E\ DQ DSSOLFDWLRQ WKDW LW KDV UHTXHVWHGGXULQJLQVWDOODWLRQ7KHRYHUDOOSURFHVVRIDQDO\VLQJDSSVLVGRQHXVLQJFOXVWHULQJDQGFODVVLILFDWLRQWHFKQLTXHV7KH PDMRUREMHFWLYHRIWKHSURSRVHGV\VWHPLVWRGHWHFWDQGUHPRYHWKHPDOZDUHVWKDWDUHSUHVHQWLQWKHXVHU¶V$QGURLGGHYLFH  © 2015 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license ‹7KH$XWKRUV3XEOLVKHGE\(OVHYLHU%9 (http://creativecommons.org/licenses/by-nc-nd/4.0/). 3HHUUHYLHZXQGHUUHVSRQVLELOLW\RIVFLHQWLILFFRPPLWWHHRI,QWHUQDWLRQDO&RQIHUHQFHRQ$GYDQFHG&RPSXWLQJ7HFKQRORJLHVDQG Peer-review under responsibility of scientific committee of International Conference on Advanced Computing Technologies and $SSOLFDWLRQV,&$&7$  Applications (ICACTA-2015). Keywords: $QGURLG0DOZDUH3HUPLVVLRQV$SSV&OXVWHU0DOLFLRXV%HQLJQ

1877-0509 © 2015 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of scientific committee of International Conference on Advanced Computing Technologies and Applications (ICACTA-2015). doi:10.1016/j.procs.2015.03.170

408

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

,QWURGXFWLRQ $QGURLGLVEXLOWRQRSHQ/LQX[.HUQHO6LQFHLWLVDQRSHQVRXUFHLWJLYHVWKHRSSRUWXQLW\WRWKHGHYHORSHUVWR FRPH XS ZLWK WKHLU RZQ WHFKQRORJLFDO DGYDQFHPHQWV $QGURLG KDV RQOLQH PDUNHW IRU VRIWZDUH VWRUH ,W DOORZV $QGURLGXVHUVWRVHOHFWDQGGRZQORDGWKLUGSDUW\DSSOLFDWLRQVSURYLGHGE\WKHGHYHORSHUVRQWKHPDUNHW$QGURLGKDV VHFXULW\IHDWXUHVEXLOWLQWRLWVRSHUDWLQJV\VWHPFDOOHGDVSHUPLVVLRQPRGHO$QGURLGSHUPLVVLRQVDUHQRWKLQJEXWWKH ULJKWVJLYHQWRWKHDSSOLFDWLRQVWRDOORZWKHPWRGRFHUWDLQWDVNVOLNHVHQGUHFHLYH606WDNHSLFWXUHVXVHWKH*36RU PDNHSKRQHFDOOVHWF7KLVSHUPLVVLRQPRGHOWULHVWRUHVWULFWDQDFFHVVWRWKHV\VWHPVRUXVHU¶VLQIRUPDWLRQEXWLW QHYHUWKHOHVVSURYLGHVDZD\WRXVHRQO\FHUWDLQDOORZHGSHUPLVVLRQDFFRUGLQJWRXVHU$XVHUZKLOHLQVWDOOLQJDQ\ DSSOLFDWLRQLQ$QGURLGSKRQHLVILUVWSUHVHQWHGZLWKWKHOLVWRIDOOSHUPLVVLRQVUHTXLUHGE\LWDIWHUZKLFKDXVHUHLWKHU KDVWRJUDQWDOOWKHSHUPLVVLRQVRUUHMHFWLW,IDXVHUGRHVQ¶WJUDQWWKHVHSHUPLVVLRQVLWZLOOUHVXOWLQVWRSSLQJWKH LQVWDOODWLRQ7KXVLQRUGHUWRLQVWDOODQGXVHDQDSSOLFDWLRQXVHUKDVWRJUDQWDOOWKHSHUPLVVLRQVWKDWDQDSSOLFDWLRQ QHHGVDQGWKHQWKHLQVWDOOHGDSSOLFDWLRQUXQVXQGHUWKHJUDQWHGSHUPLVVLRQV $ XVHU ZKR ZLVKHV WR LQVWDOO DQG XVH DQ\ DSSOLFDWLRQ GRHVQ¶W XQGHUVWDQG WKH VLJQLILFDQFH DQG PHDQLQJ RI WKH SHUPLVVLRQVUHTXHVWHGE\DQDSSOLFDWLRQDQGWKHUHE\VLPSO\JUDQWVDOOWKHSHUPLVVLRQVDVDUHVXOWRIZKLFKKDUPIXO DSSOLFDWLRQVDOVRJHWLQVWDOOHGDQGSHUIRUPWKHLUPDOLFLRXVDFWLYLW\EHKLQGWKHVFHQH7KHXVHU¶VLQDELOLW\RIDQDO\]LQJ WKHULVNRIDQ\DSSOLFDWLRQUHVXOWVLQFRPSURPLVHGVHFXULW\DQGSULYDF\ ,Q WKLV ZRUNZH SURSRVH D V\VWHP WR SURWHFW $QGURLG XVHU¶V IURP PDOLFLRXV DSSOLFDWLRQV 7KHSURSRVHG V\VWHP ILUVWDSSOLHVDNPHDQVFOXVWHULQJDOJRULWKPRQWKHSHUPLVVLRQVRILQVWDOOHGDSSOLFDWLRQVWRFDWHJRUL]HWKHPLQWRRQH RI WKRVH PDOLFLRXV DSSOLFDWLRQV DQG WKHQ D QDwYH %D\HVLDQ FODVVLILFDWLRQ DOJRULWKP LV XVHG WR DFFXUDWHO\ FODVVLI\ ZKHWKHUDQDSSOLFDWLRQLVEHQLJQRUDPDOLFLRXVRQH7KHV\VWHPUHGXFHVWKHXVHU¶VEXUGHQRIDQDO\]LQJWKHULVNRI DSSOLFDWLRQVDQGDOVRDVVLVWVWKHPLQPDNLQJWKHGHFLVLRQRIUHPRYLQJDQDSSOLFDWLRQWKDWLVKDUPIXO 7KH UHVW RI WKLV SDSHU LV RUJDQL]HG DV IROORZV 6HFWLRQ  SURYLGHV VRPH UHODWHG ZRUN 6HFWLRQ  GHVFULEHV WKH SURSRVHGV\VWHPLQGHWDLO6HFWLRQGLVFXVVHVLQEULHIDERXWWKHLPSOHPHQWDWLRQ,Q6HFWLRQVDQGZHGLVFXVVWKH UHVXOWV RI RXU LPSOHPHQWDWLRQ DQG DOVR JLYH D FRPSDUDWLYH VWXG\ RI RXU SURSRVHG V\VWHP ZLWK H[LVWLQJ DQWLYLUXV V\VWHPV:HFRQFOXGHLQ6HFWLRQZLWKIXWXUHVFRSH 5HODWHGZRUN 7DND\XNLHWDOKDYHSURSRVHGDV\VWHPWKDWDVVHVVHVDQGSUHVHQWVWKHULVNOHYHORIDQ$QGURLGDSSOLFDWLRQWRWKH XVHUDWWKHWLPHRILQVWDOOLQJWKHDSSOLFDWLRQ>@7KHULVNDVVHVVPHQWLQYROYHVWKHIROORZLQJWZRSDUDPHWHU WKH QXPEHU RI GRZQORDGV DQG XVHU UDWLQJ RU UHYLHZ IURP WKH $QGURLG PDUNHW   WKH DQDO\VHV RI FRPELQDWLRQV RI SHUPLVVLRQVIRUPDOLFLRXVDSSOLFDWLRQV,QLWLDOO\DUXOHVHWLVPDGHWRGHFLGHZKHWKHUWKHFRPELQDWLRQRISHUPLVVLRQV DUHPDOLFLRXV7KHV\VWHPWKHQUHDGVWKHSHUPLVVLRQ¶VFRPELQDWLRQVRIWKHDSSOLFDWLRQVXSRQLWVLQVWDOODWLRQDQGWKHQ LW VHDUFKHV WKRVH SHUPLVVLRQ¶V FRPELQDWLRQV LQ WKH SUHGHILQHG UXOH VHW WR GLVWLQJXLVK WKH PDOZDUHV IURP EHQLJQ DSSOLFDWLRQV ,Q RUGHU WR FDOFXODWH ULVN WKH V\VWHP UHWULHYHV WKH QXPEHU RI GRZQORDGV DQG XVHU UDWLQJ IURP WKH $QGURLG PDUNHW 7KH V\VWHP DVVLJQV D EDVH YDOXH IURP  WR SHUPLVVLRQ¶V FRPELQDWLRQV DQG ZHLJKWV WR WKH XVHU UDWLQJV DQG GRZQORDGV 7KH ZHLJKWV DUH DVVLJQHG GHSHQGLQJ XSRQ WKH QXPEHU RI XVHU UDWLQJV DQG GRZQORDGV WR FDOFXODWHWKHULVNOHYHO7KHV\VWHPWKHQSUHVHQWVWKHULVNLQIRUPDWLRQRIWKHDSSOLFDWLRQVWRWKHXVHUXVLQJYDULRXV FRORUV DV ULVN LQGLFDWRUV DQG ILQDOO\ WKH XVHU GHFLGHV ZKHWKHU WR GHOHWH LW RU QRW EDVHG RQ WKH SUHVHQWHG ULVN¶V LQIRUPDWLRQ 6XOHLPDQ@7KHPRGHOVDUHEXLOWIURPDFROOHFWLRQRI FRGH DQG DSS FKDUDFWHULVWLFV WKDW SURYLGH LQGLFDWRUV RI SRWHQWLDO PDOLFLRXV DFWLYLWLHV ,Q WKLV ZRUN WKH GHWHFWLRQ VWUDWHJ\OHYHUDJHVWKHDSSOLFDWLRQV¶UHOLDQFHRQWKHSODWIRUP$3,VDQGWKHLUVWUXFWXUHGSDFNDJLQJWRH[WUDFWFHUWDLQ SURSHUWLHVWKDWFRXOGVHUYHDVLQGLFDWRUVRIVXVSLFLRXVDFWLYLW\VXFKDVLQWHQWWRILOWUDWHVHQVLWLYHLQIRUPDWLRQODXQFK D PDOLFLRXV SD\ORDG DW UXQWLPH RU SUHVHQFH RI HPEHGGHG VHFRQGDU\ SD\ORDG LQ WKH H[WHUQDO IROGHUV HWF 7KHVH SURSHUWLHV WKHQ IRUP WKH EDVLV IRU %D\HVLDQ FODVVLILHUZKLFK LVXVHG WR GHWHUPLQH ZKHWKHU D JLYHQ$QGURLG DSS LV KDUPOHVV RU VXVSLFLRXV ,Q RUGHU WR REWDLQ WKH IHDWXUH VHWV IRU EXLOGLQJ WKH %D\HVLDQ PRGHO D -DYDEDVHG $QGURLG SDFNDJHSURILOLQJWRROIRUDXWRPDWHGUHYHUVHHQJLQHHULQJRIWKH$3.ILOHVLVLPSOHPHQWHG$IWHUUHYHUVHHQJLQHHULQJ

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

409

DQ$3.DVHWRIGHWHFWRUVDUHDSSOLHGZLWKLQWKH-DYDEDVHG$3.DQDO\]HUWRFKHFNIRUSURSHUWLHVZKLFKDUHWKHQ PDSSHGLQWRIHDWXUHYHFWRUVIRUWKH%D\HVLDQFODVVLILHU $JHPDWVX + HW DO KDYH LQWURGXFHG D V\VWHP WKDW UHTXLUHV FRRUGLQDWLRQ LQ EHWZHHQ $QGURLG 26 DSSOLFDWLRQ GHYHORSHUV DQG WKH PDUNHW PDQDJHU >@ 7KH SURSRVHG V\VWHP FRQVLVWV RI WKUHH PDLQ HQWLWLHV RU PRGXOHV VXFK DV VHFXULW\PDQDJHUHYHQWQRWLILFDWLRQDQGPDUNHWPDQDJHU$VHFXULW\PDQDJHULVEXLOGLQVLGH$QGURLG26DQGLWXVHV D GHGLFDWHG $3, WR FUHDWH D NQRZOHGJH GDWDEDVH ZKLFK LW FRXOG XVH WR MXGJH PDOLFLRXV EHKDYLRXU 7KLV UHTXLUHV DSSOLFDWLRQGHYHORSHUVWRLQVHUWDQHYHQWQRWLILFDWLRQFRGHLQWRWKHLUDSSOLFDWLRQVZKLFKZRXOGLQIRUPHYHU\HYHQWWR WKHVHFXULW\PDQDJHUZKHQHYHUDQDSSOLFDWLRQODXQFKHVDVHFXULW\UHODWHGHYHQWV,IWKHVHFXULW\PDQDJHUILQGVDQ\ DSSOLFDWLRQZLWKRXWDQHYHQWQRWLILFDWLRQFRGHLWVHQGVWKHQRWLILFDWLRQWRWKHPDUNHWPDQDJHUWKDWUHVLGHVDW$QGURLG PDUNHWSODFH7KHPDUNHWPDQDJHUWKHQUHPRYHDOOVXFKDSSOLFDWLRQVWKDWGRQ¶WLQFOXGHWKHHYHQWQRWLILFDWLRQFRGH *KRUEDQLDQ0HWDOKDYHSURSRVHGDKRVWEDVHGLQWUXVLRQGHWHFWLRQPRGHO>@LQZKLFKWKH/RJ)LOHVDUHILUVW LQVHUWHGE\ORJFDWFRPPDQGWKURXJK$QGURLGORJJLQJV\VWHPDQGDUHJLYHQWRWKH$QDO\]LQJPRGXOH7KH$QDO\]LQJ PRGXOHWKHQLQYRNHVWKHPDWFKLQJHQJLQHWRGHWHFWLQWUXVLRQV7KHPDWFKLQJHQJLQHSHUIRUPVWKHSDWWHUQPDWFKLQJ ZLWKWKHPDOLFLRXVUXOHVHWWKDWLVGHVLJQHGWRGLVWLQJXLVKPDOZDUHVIURPEHQLJQDSSV$WWKHODVWVWHSWKHPDWFKLQJ UHVXOWVDUHVHQWWR2XWSXW&RQWURO0RGXOHZKLFKJLYHVDQDOHUWDVZHOODVUHFRUGWKHORJVLQWRWKH6WRUDJHRUGDWDEDVH 'RQJ-LH :X HW DO KDYH LPSOHPHQWHG D V\VWHP FDOOHG 'URLG0DW WR SURYLGH D VWDWLF DQDO\VLV SDUDGLJP IRU GHWHFWLQJWKH$QGURLGPDOZDUH>@$VDSDUWRIVWDWLFDQDO\VLVWKHV\VWHPH[WUDFWWKHYDULRXVLQIRUPDWLRQVXFKDV SHUPLVVLRQV GHSOR\PHQW RI FRPSRQHQWV ,QWHQW PHVVDJHV SDVVLQJ DQG $3, FDOOV IRU FKDUDFWHUL]LQJ WKH $QGURLG DSSOLFDWLRQV EHKDYLRU ,W WKHQ DSSOLHV.PHDQV DOJRULWKP WKDW HQKDQFHVWKH PDOZDUHPRGHOLQJ FDSDELOLW\ DQG XVHV N11DOJRULWKPWRFODVVLI\WKHDSSOLFDWLRQDVEHQLJQRUPDOLFLRXVDVDSDUWRIIXQFWLRQDOEHKDYLRUUHFRJQLWLRQ :HL7DQJHWDOSURSRVHGDQLGHDRI6HFXULW\'LVWDQFH6' PRGHOWRPLWLJDWHPDOZDUH>@$6'LVWKHGLIIHUHQFH LQEHWZHHQSHUPLVVLRQDQGSHUPLVVLRQFRPELQDWLRQVZLWKVHFXULW\SUREOHPV6'LVDILJXUHWKDWUHSUHVHQWVWKHULVN OHYHO RI SHUPLVVLRQ SDLUV DQG 6' UXOHV GHILQHV KRZ WR GHWHUPLQH 6' RI FHUWDLQ SHUPLVVLRQ SDLUV $ SHUPLVVLRQ FRPELQDWLRQV ZLWK 6' WKDW KDV KLJK WKUHDW SRLQW LQGLFDWHV WKDW DQ DSSOLFDWLRQV PD\ SRVH D ELJJHVW VHFXULW\ WKUHDW ZKHUHDVSHUPLVVLRQSDLUVWKDWKDYH6'ZLWKORZWKUHDWSRLQWLQGLFDWHVLW¶VDVDIHDSSOLFDWLRQ +DPDQGL.HWDOKDYHGHPRQVWUDWHGWKHZRUNLQJRI606PDOZDUHDQGSURSRVHGWKHLUPLWLJDWLRQ>@7KH\KDYH VWXGLHGDQGLGHQWLILHGYDULRXVVROXWLRQVWRSUHYHQWWKLVNLQGRIPDOZDUH7KH\VXJJHVWHGWKHSUDFWLFDOVROXWLRQVVXFK DVWKHXVHUPXVWDOZD\VEHQRWLILHGRIWKHUHFHLSWRIWKHPHVVDJHDVFHUWDLQ606PDOZDUHVKLGHVQRWLILFDWLRQV$SDUW IURPWKLVDSSOLFDWLRQPXVWDOVREHSUHYHQWHGIURPUHFHLYLQJFHUWDLQ606HVE\VHWWLQJLWVRZQSULRULWLHVDQGWKHXVHU PXVWJUDQWH[SOLFLWSHUPLVVLRQVIRUHYHU\606LHSHUPLVVLRQVPXVWEHPRGLILHGGXULQJUXQWLPH + 7KDQK KDV GLVFXVVHG YDULRXV $QGURLG PDOZDUH¶V IDPLOLHV DQG PHWKRG WR DQDO\VHV WKHP >@ 7KH DXWKRU KDV FROOHFWHG VRPH VDPSOHV RI PDOZDUHV WKDW EHORQJV WR GLIIHUHQW IDPLOLHV DQG XVHG YDULRXV WRRO VXFK DV VPDOL EDVNVPDOLHWFLQRUGHUWRSHUIRUPUHYHUVHHQJLQHHULQJRIDQDSNILOHWRDQDO\VHVWKHPDOZDUHVDPSOHV7KHDXWKRU KDVDOVRSUHVHQWHGWKHGHWHFWLRQUHVXOWVRIYDULRXVDQWLYLUXVVRIWZDUHDQGVXJJHVWHGVRPHSUHYHQWLYHPHDVXUHVZKLFK ZRXOGKHOSWKHRUGLQDU\XVHUVWRLGHQWLI\WKHPDOZDUHV +HORLVH HW DO KDYH LGHQWLILHG YDULRXV WUHQGV DQG FKDUDFWHULVWLFV RI $QGURLG ERWQHWV ZKLFK ZRXOG KHOS LQ XQGHUVWDQGLQJWKHERWQHW¶VDFWLYLWLHVDVZHOODVGLVFRYHU\RI$QGURLGERW>@7KHIROORZLQJDUHWKHLGHQWLILHGQRWDEOH FKDUDFWHULVWLFV RI WKH ERWQHWV VXFK DV 5HSDFNDJHG $SSOLFDWLRQV 5HFHLYLQJ &RPPDQGV 0HVVDJLQJ 6WHDO ,QIRUPDWLRQ 7KLUG 3DUW\ $SSOLFDWLRQ 0DUNHWV $GGLWLRQDO &RQWHQW 'RZQORDG DQG $QGURLG0DQLIHVW[PO )LOH )HDWXUHVDQG3HUPLVVLRQV7KHYDULRXVWUHQGVRIWKH$QGURLGERWQHWWKDWZDVLGHQWLILHGDUH6067URMDQURRWH[SORLWV DQGUHFHLYLQJERWFRPPDQGVIURPUHPRWHVHUYHU+HQFHWKLVOLWHUDWXUHZDVVWXGLHGIURPDVHFXULW\SRLQWRIYLHZDVLW LVLPSRUWDQWWRXQGHUVWDQGWKHXQGHUO\LQJVWUXFWXUHDQGZRUNLQJRI$QGURLGERWQHWV .LULQ>@DSSOLHVOLJKWZHLJKWFHUWLILFDWLRQDWLQVWDOOWLPHWKURXJKLWVRZQVHFXULW\UXOHV7KHVHFXULW\UXOHVWKDWLW XVHVDUHGHVLJQHGWRPDWFKZLWKPDOLFLRXVSURSHUWLHVRIPDOZDUHVDQGWKHUXOHVDUHIRUPHGWKURXJKWKHFRPELQDWLRQV RI SHUPLVVLRQV RU WKH DFWLRQV XVHG E\ WKH PDOZDUHV .LULQ EORFNV DOO VXFK DSSV WKDW GHFODUH ULVN\ SHUPLVVLRQ FRPELQDWLRQVRUFRQWDLQDQ\VXVSLFLRXVDFWLRQXVHGE\DFWLYLWLHVVHUYLFHVRUEURDGFDVWUHFHLYHUV&URZGURLG>@LVD PDFKLQH OHDUQLQJEDVHG IUDPHZRUN WKDW UHFRJQL]HV 7URMDQOLNH PDOZDUH RQ $QGURLG VPDUW SKRQHV ,W KDV EHHQ GHVLJQHGE\NHHSLQJWKHIDFWLQPLQGWKDWDJHQXLQHDSSOLFDWLRQGLIIHUVIURPLWVWURMDQL]HGYHUVLRQLQWHUPVRIWKH W\SHVDQGQXPEHURIV\VWHPFDOOVWKDWWKH\LVVXHG&URZGURLGLVDOLJKWZHLJKWFOLHQWDSSOLFDWLRQWKDWPRQLWRUVV\VWHP FDOOV LQYRNHGE\ WKH WDUJHWPRELOH DSSOLFDWLRQSUHSURFHVVHV WKH FDOOV DQG VHQGV WKHP WR FORXGZKHUH D FOXVWHULQJ WHFKQLTXHKHOSVGHWHUPLQHZKHWKHUWKHDSSOLFDWLRQLVPDOLFLRXV

410

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

0$'$0>@D0XOWL/HYHO$QRPDO\'HWHFWRUIRU$QGURLG0DOZDUHXVHVIHDWXUHVWRGHWHFWDQGURLGPDOZDUH IRUERWKNHUQHOOHYHODQGXVHUOHYHO0$'$0KDVEHHQWHVWHGRQUHDOPDOZDUHIRXQGLQWKHZLOGDQGXVHVDJOREDO PRQLWRULQJDSSURDFKWKDWLVDEOHWRGHWHFWPDOZDUHFRQWDLQHGLQXQNQRZQDSSOLFDWLRQVLHQRWSUHYLRXVO\FODVVLILHG 0RQLWRUV6PDUWSKRQH¶VWRH[WUDFWIHDWXUHVWKDWFDQEHXVHGLQDPDFKLQHOHDUQLQJDOJRULWKPWRGHWHFWDQRPDOLHV 3URSRVHG6\VWHP 7KH SURSRVHG V\VWHP LV FDOOHG DV µ$QGURLG $SSOLFDWLRQ $QDO\]HU¶ EHFDXVH LW DQDO\]HV WKH LQVWDOOHG DSSV DQG GHWHUPLQHVZKHWKHULWLVKDUPIXORUQRW$Q$QGURLG$SSOLFDWLRQ$QDO\]HU$$$ LVDVHFXUHV\VWHPZKLFKKHOSV WKH XVHU LQ GHWHUPLQLQJ ZKLFK DSSV DUH KDUPIXO DQG QHHGV WR EH UHPRYHG 7KH DQDO\VLV RI WKH DSSOLFDWLRQV EHLQJ KDUPIXOLVGRQHEDVHGRQWKHSHUPLVVLRQVRILQVWDOOHGDSSOLFDWLRQVDQGKHQFHLWUHGXFHVWKHEXUGHQRIDQDO\]LQJDQG XQGHUVWDQGLQJWKHULVNVLQYROYHGGXHWRWKRVHKDUPIXOSHUPLVVLRQVRQWKHXVHU7KHSURSRVHGV\VWHPDOVRSURYLGHVD XVHUZLWKDQRSWLRQWRUHPRYHWKRVHDSSVFRPSOHWHO\IURPWKHSKRQH,QWKLVZD\LWSURWHFWVWKHXVHUDQGSURYLGHVD VHFXULW\WR$QGURLGSKRQH 7KH )LJ GHVFULEHV WKH V\VWHP¶V DUFKLWHFWXUH IRU $QGURLG $SSOLFDWLRQ $QDO\]HU ZKLFK FRQVLVWV RI RQH DFWRU LQYROYHG WKH XVHU DQG LW WDNHV LQSXW DV WKH OLVW RI LQVWDOOHG DSSOLFDWLRQV 7KH HQWLUH V\VWHP FRQVLVW RI PDMRU ILYH PRGXOHVVXFKDVLGHQWLILFDWLRQRILQVWDOOHGDSSOLFDWLRQVSHUPLVVLRQH[WUDFWLRQFOXVWHULQJRINQRZQSHUPLVVLRQVLQWR FDWHJRULHVFODVVLILFDWLRQRIEHQLJQDQGPDOLFLRXVDSSVDQGUHPRYDORIPDOLFLRXVDSSV

 )LJ3URSRVHG6\VWHPIRU$QGURLG$SSOLFDWLRQ$QDO\]HU

3.1. Identification of Installed apps 7KHILUVWVWHSLVWRLGHQWLI\WKHOLVWRILQVWDOOHGDSSVDQGWKHLQVWDOOHGDSSVDUHLGHQWLILHGXVLQJ3DFNDJH0DQDJHU FODVVRI$QGURLG3DFNDJH0DQDJHUSURYLGHVPHWKRGVIRUTXHU\LQJDQGPDQLSXODWLQJLQVWDOOHGSDFNDJHV7KLVFODVV FDQEHFDOOHGWKURXJKJHW3DFNDJH0DQDJHU  3.2. Permission Extraction 7KLVPRGXOHH[WUDFWVWKHSHUPLVVLRQVRILQVWDOOHGDSSOLFDWLRQVDORQJZLWKWKHRWKHUUHOHYDQWLQIRUPDWLRQVXFKDV DSS¶V QDPH SDFNDJH QDPH YHUVLRQ UHTXLUHG IHDWXUHV HWF WKDW FRXOG EH RI VLJQLILFDQW LPSRUWDQFH WR WKH XVHUV 3DFNDJH,QIRFODVV LV XVHG WR H[WUDFW WKHVH LQIRUPDWLRQ DERXW WKH FRQWHQWV RI D SDFNDJH 7KH LQIRUPDWLRQ FROOHFWHG WKURXJK3DFNDJH,QIRFODVVFRUUHVSRQGVWRDOOWKHLQIRUPDWLRQSUHVHQWLQ$QGURLG0DQLIHVW[PO

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

411

3.3. Clustering of Permissions 7KLVPRGXOHWDNHVLQSXWDVSHUPLVVLRQVRIHDFKDSSZKLFKZDVREWDLQHGIURPSHUPLVVLRQH[WUDFWLRQPRGXOHDQG WKHQ DVVLJQV DQ DSS LQWR RQH RI WKH PDOLFLRXV SHUPLVVLRQ¶V FOXVWHUV RU VDIH SHUPLVVLRQ¶V FOXVWHU 7KH QXPEHU RI PDOLFLRXVFOXVWHUVFUHDWHGLVEDVHGRQVRPHNQRZQIDPLOLHVRIPDOLFLRXVDSSV(YHU\FOXVWHUWKDWDUHFUHDWHGFRQVLVWV RI WKH OLVW RI SHUPLVVLRQV UHSUHVHQWV RQH IDPLO\ RI PDOZDUH +HQFH HDFK FOXVWHU ZLOO EH KDYLQJ D VHW RI NQRZQ KDUPIXOSHUPLVVLRQV  7KHNPHDQVDOJRULWKP>@LVXVHGIRUFOXVWHULQJDQGLWFRQVLVWVRIWKHIROORZLQJVWHSV  3ODFH . SRLQWV LQWR WKH VSDFH UHSUHVHQWHG E\ WKH REMHFWV WKDW DUH EHLQJ FOXVWHUHG 7KHVH SRLQWV UHSUHVHQW LQLWLDOJURXSFHQWURLGV  $VVLJQHDFKREMHFWWRWKHJURXSWKDWKDVWKHFORVHVWFHQWURLG  :KHQDOOREMHFWVKDYHEHHQDVVLJQHGUHFDOFXODWHWKHSRVLWLRQVRIWKH.FHQWURLGV  5HSHDW6WHSVDQGXQWLOWKHFHQWURLGVQRORQJHUPRYH 7KHDOJRULWKPDLPVDWPLQLPL]LQJDQREMHFWLYHIXQFWLRQDVTXDUHGHUURUIXQFWLRQ7KHREMHFWLYHIXQFWLRQLVJLYHQ EHORZ ZKHUH WKH WHUP x ij  c j

z

LVDFKRVHQGLVWDQFHPHDVXUHEHWZHHQDGDWDSRLQW DQGWKHFOXVWHUFHQWHU 

LVDQLQGLFDWRURIWKHGLVWDQFHRIWKHnGDWDSRLQWVIURPWKHLUUHVSHFWLYHFOXVWHUFHQWHUV>@  J

k

n

¦¦ x j  i 

i

j

z  cj 

7KHNPHDQVDOJRULWKPDSSOLHGKHUHXVHVWKHSHUPLVVLRQVRIDSSOLFDWLRQDVLQSXWYHFWRUVZKHUHHDFKDSSOLFDWLRQ LV UHSUHVHQWHG E\ LWV SHUPLVVLRQ SDWWHUQ $ FOXVWHUV &L LV QRWKLQJ EXW WKH VHW RI SHUPLVVLRQV ZKLFK DUH XVHG E\ D SDUWLFXODUIDPLO\RIPDOZDUH+RZHYHUNPHDQVUHTXLUHVFHQWURLGWREHDQXPHULFYDOXH+HQFHHDFKSHUPLVVLRQVLV DVVLJQHGZLWKDµG¶GLVWLQFWYDOXHVDQGWKHQWKHVHYDOXHVDUHVXPPHGWRIRUPWKHFHQWURLGµN¶RIDFOXVWHU&RQVLGHUD IROORZLQJH[DPSOHZKHUHWKHJLYHQSHUPLVVLRQVDUHDVVXPHGWREHXVHGE\PDOZDUHDQGDUHXVHGIRUGHVLJQLQJD VDPSOHFOXVWHU &OXVWHU7H[W0HVVDJLQJ3HUPLVVLRQV 3HUPLVVLRQV6(1'B606 5(&(,9(B606 ,17(51(7 5($'B&217$&76  &HQWURLGVXPRIDOOSHUPLVVLRQ¶VYDOXHVLHN    ,QWKLVZD\RWKHUGLIIHUHQWIDPLOLHVRIFOXVWHUVZLOOEHFUHDWHG7KHYDOXHRIHYHU\DSSVDQGLWVGLVWDQFHWRHYHU\ FOXVWHUV DUH FDOFXODWHG 7KH PHWKRG XVHG IRU FDOFXODWLQJ WKH YDOXH RI DQ\ DSS LV VLPLODU WR WKDW RI FDOFXODWLQJ WKH FHQWURLGRIDQ\FOXVWHU,IWKHGLVWDQFHLVRIDQDSSLVIRXQGWREHFORVHUWRDQ\RQHRIWKHFOXVWHU¶VFHQWURLGWKHQLWLV DVVLJQHGWRWKDWSDUWLFXODUFOXVWHURUHOVHZLOOEHSXWLQDVDIHSHUPLVVLRQ¶VFOXVWHU 7KHREMHFWLYHRIFOXVWHULQJLVWRJURXSVLPLODUDSSOLFDWLRQVLQWRDSDUWLFXODUPDOLFLRXVFOXVWHUEDVHGRQWKHFORVHVW GLVWDQFHRIDQDSSWRLWVFOXVWHU7KHUHVXOWRIFOXVWHULQJLVWKHOLVWRIDSSOLFDWLRQVZKLFKDUHPDOLFLRXVLQQDWXUH7KH FOXVWHUVDQGLWVSHUPLVVLRQVDUHWKHQXVHGWRJHWKHUWRIRUPWKHDWWULEXWHVIRUFODVVLILFDWLRQ 3.4. Classification of Permission 6LQFH FOXVWHULQJ FRXOG UHVXOW LQ EHQLJQ DSS EHLQJ GHFODUHG DV PDOLFLRXV WKHUH LV D QHHG WR DFFXUDWHO\ FODVVLI\ ZKHWKHUDQDSSLVUHDOO\DEHQLJQRUPDOLFLRXVRQH,WLVDFKLHYHGXVLQJ1DwYH%D\HVLDQFODVVLILFDWLRQDOJRULWKP>@ ZKLFKFRQVLVWVRIWKHIROORZLQJVWHSV %HJLQ )RUDOOFODVVHVFL¼F F«FP &RPSXWH3FL  )RUDOOIHDWXUHV[M¼[ &RPSXWH3[M_FL  (QGIRU 0XOWLSO\DOO3[M_FL ¶V

412

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

&DOFXODWHILG  3FL 3[M_FL  (QGIRU $VVLJQGWRWKHFODVVHV RIPD[ILG «IPG  (QG ,Q RUGHU WR FDOFXODWH WKH SUREDELOLW\ RI DQ\ DSS EHLQJ PDOLFLRXV RU EHQLJQ D GDWDVHW KDV EHHQ FRQVWUXFWHG FRQVLGHULQJWZRPDMRUDWWULEXWHVRIDSSOLFDWLRQVVXFKDVWKHFOXVWHUQXPEHUDQGWKHVHWRISHUPLVVLRQ¶VFRPELQDWLRQV RFFXUULQJLQDSDUWLFXODUFOXVWHU(DFKSRVVLEOHSHUPLVVLRQ¶VFRPELQDWLRQKDVEHHQDVVLJQHGWRRQHRIWKHWZRFODVVHV VXFK DV µPDOLFLRXV¶ DQG µEHQLJQ¶ FRQVLGHULQJ LWV EHKDYLRXU ,I DQ LQFRPLQJ DSS LV UHTXHVWLQJ D SHUPLVVLRQ WKDW PDWFKHVZLWKWKHSHUPLVVLRQVGHFODUHGLQDGDWDVHWWKHQLWVFRUUHVSRQGLQJSUREDELOLW\RIEHLQJEHQLJQDQGPDOLFLRXV DUHFDOFXODWHG,IWKHSUREDELOLW\RIDJLYHQDSSOLFDWLRQEHLQJPDOLFLRXVLVIRXQGJUHDWHUWKDQWKHSUREDELOLW\RIEHLQJ EHQLJQWKHQWKDWDSSOLFDWLRQLVGHFODUHGDVPDOLFLRXVHOVHEHQLJQ 3.5. Removal of malicious apps 7KLVPRGXOHVLPSO\SUHVHQWVDXVHUZLWKDOLVWRIPDOLFLRXVDSSVLGHQWLILHGGXULQJFODVVLILFDWLRQVWDJH,WDOORZV WKHXVHUWRSURYLGHLQSXWDERXWWKHGHFLVLRQWRGHOHWHWKHDSSIURPWKHSKRQHRUWRUHWDLQLW ,PSOHPHQWDWLRQ 7KHSURSRVHGV\VWHPLVFXUUHQWO\LPSOHPHQWHGIRUWKH$QGURLGYHUVLRQ-HOO\%HDQ DQGLVGHYHORSHGXVLQJ -DYD SURJUDPPLQJ ODQJXDJH 7KH HQWLUH GHYHORSPHQW HQYLURQPHQW LV VHW XS XVLQJ $QGURLG 6'.  -HOO\ %HDQ $QGURLG 'HYHORSPHQW 7RROV $'7  YHUVLRQ  DQG WKH (FOLSVH ,'( IRU -DYD (( 'HYHORSHUV DQG WHVWHG RQ %OXH6WDFNV$SSV3OD\HU$QGURLG64/LWHKDVEHHQXVHGWRFDUU\RXWGDWDEDVHKDQGOLQJWDVN7KHIROORZLQJVDPSOHV RI PDOLFLRXV DSSOLFDWLRQV DUH XVHG IRU WHVWLQJ 'RJ:DU 7URMDQ  ,&DOHQGDU 3UHPLXP 606  DQG 6XSHU6ROR 'URLG'UHDP >@ 'RJ:DULVD63$07URMDQWKDWVHQGV606PHVVDJHVWRDOOFRQWDFWVIRXQGRQDGHYLFH>@,&DOHQGDUVHQGVD 606 PHVVDJH WR VXEVFULEH WKH XVHU WR D SUHPLXPUDWH 606 VHUYLFH LQ &KLQD ZLWKRXW WKHLU DXWKRUL]DWLRQ RU NQRZOHGJHDQGEORFNVDQ\LQFRPLQJGHOLYHU\UHSRUWVIURPWKHQXPEHUVRWKDWWKHYLFWLPGRHVQRWJHWDQ\UHVSRQVH UHJDUGLQJ WKH 606 WKDW WKH DSSOLFDWLRQ VHQGV LQ WKH EDFNJURXQG >@ 6XSHU6ROR LV D 7URMDQ WKDW OHYHUDJHV URRW H[SORLWV WR JDLQ WKH FRQWURO RI WKH GHYLFH >@ 7ZR PRUH VDPSOH DQGURLG DSSV VXFK DV 6DPSOH$QGURLG$SS DQG 6DPSOH0DOZDUH$SSDUHDOVRFUHDWHGDQGWUHDWHGDVPDOLFLRXV 5HVXOWV :HKDYHREWDLQHGWKHIROORZLQJUHVXOWVIURPRXULPSOHPHQWHGV\VWHP  x 7KH0DLQ,QWHUIDFHRIRXULPSOHPHQWHGV\VWHPLVVKRZQLQ)LJDQGDOLVWRIDOOWKHDSSOLFDWLRQVWKDWDUH LQVWDOOHG RQ WKH GHYLFH LV VKRZQ LQ )LJ  7KH SHUPLVVLRQV UHTXHVWHG E\ HYHU\ DSSOLFDWLRQV DUH DOVR H[WUDFWHGDQGWKHQWKHDSSOLFDWLRQVDUHDVVLJQHGWRDSDUWLFXODUFOXVWHUXVLQJNPHDQV            

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

   



                                        

)LJ0DLQ,QWHUIDFHRI$QGURLG$SSOLFDWLRQ$QDO\]HU

)LJ/LVWRI,QVWDOOHG$SSOLFDWLRQV

413

414

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

x                                               

$IWHU FOLFNLQJ RQ D SDUWLFXODU DSSOLFDWLRQ RQ WKH OLVW WKH LQIRUPDWLRQ VXFK DV WKH QDPH RI DQ DSSOLFDWLRQ SDFNDJH QDPH YHUVLRQ IHDWXUHV SHUPLVVLRQV LQVWDOOHG SDWK UHTXLUHG YHUVLRQ HWF DUH GLVSOD\HG DV VKRZQ LQ )LJ

)LJ$SSOLFDWLRQ¶V,QIRUPDWLRQRI&OXVWHU

)LJ$SSOLFDWLRQ¶V,QIRUPDWLRQRI6DIH&OXVWHU

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

7KHFOXVWHUWRZKLFKDQDSSOLFDWLRQEHORQJVLVDOVRIODJJHGWKURXJKDPHVVDJH7KHDSSOLFDWLRQ¶VLQIRUPDWLRQRI &OXVWHU  DQG 6DIH &OXVWHU DUH VKRZQ LQ )LJ DQG )LJ  $ OLVW RI DOO WKH DSSOLFDWLRQV WKDW DUH IRXQG WR EH PDOLFLRXVDQGDPHVVDJHLQGLFDWLQJWKHQXPEHURIPDOLFLRXVDSSVIRXQGDUHVKRZQLQ)LJ

x

                      

)LJ/LVWRI0DOLFLRXV$SSOLFDWLRQV

                    )LJ5HPRYDORI0DOLFLRXV$SSOLFDWLRQ

415

416

Shaikh Bushra Almin and Madhumita Chatterjee / Procedia Computer Science 45 (2015) 407 – 417

x

$IWHU FOLFNLQJ RQ D SDUWLFXODU DSSOLFDWLRQ IURP WKH OLVW D ZDUQLQJ PHVVDJH LV SRSSHG XS DVNLQJ IRU XVHU¶V GHFLVLRQWRUHPRYHLWDVVKRZQLQ)LJ,IXVHUFOLFNVRQ\HVWKHQWKHVHOHFWHGDSSOLFDWLRQZLOOEHXQLQVWDOOHG

&RPSDUDWLYH6WXG\ ,QWKLVVHFWLRQDFRPSDULVRQRIRXUV\VWHPZLWKH[LVWLQJDQWLYLUXVV\VWHPVLVVKRZQLQ7DEOH:HLGHQWLILHG IHZSRSXODUO\XVHGDQWLYLUXVDSSOLFDWLRQVIURP>@VXFKDV0RELOH6HFXULW\1RUWRQ6HFXULW\DQG$QWLYLUXV $YDVW $QWLYLUXV 0F$IHH .DVSHUVN\ DQG /RRNRXW 6HFXULW\ DQG $QWLYLUXV >@ WR ILQG RXW KRZ DFFXUDWHO\ RXU V\VWHPGLVWLQJXLVKHVWKHPDOZDUHVDPSOHVWKDWDUHFRQVLGHUHGIRUWHVWLQJIURPWKHEHQLJQDSSOLFDWLRQV 7DEOH&RPSDUDWLYH6WXG\ 6U1R

0DOZDUHV

$YDVW0F$IHH

/RRNRXW

.DUVSHUVN\

$QGURLG$SSOLFDWLRQ$QDO\]HU



6XSHU6ROR

9

9

9

9



'RJZDU

9

8

9

9



,&DOHQGDU

9

9

8

9

2XUV\VWHPKDVFODVVLILHGPRVWRIWKHPDOZDUHVDSSOLFDWLRQVFRUUHFWO\ZKLFKDUHDOVRGHWHFWHGDVPDOZDUHVE\WKH RWKHU DQWLPDOZDUH DSSV +RZHYHU DOO WKH DQWLPDOZDUHV DSSV UHTXLUHV DQ XSGDWHG GDWDEDVH RI NQRZQ PDOZDUH¶V VLJQDWXUHV ZLWKRXW ZKLFK WKH\ FDQQRW GHWHFW DQ\ NQRZQ RU XQNQRZQ PDOZDUHV ZKHUHDV RXU V\VWHP FDQ GHWHFW XQNQRZQPDOZDUHVRIDSDUWLFXODUIDPLO\RQFHLWVSUHGHFHVVRUKDVEHHQFOXVWHUHGDQGFODVVLILHG:HKDYHDOVRIRXQG RXWWKDWWKHUHDUHVRPHDQWLYLUXVHVZKLFKFRXOGQRWGHWHFWIHZVDPSOHRIPDOZDUHVXVHGIRUWHVWLQJ &RQFOXVLRQDQG)XWXUH6FRSH 7KH SURSRVHG V\VWHP $QGURLG $SSOLFDWLRQ $QDO\]HU DOORZV XVHU WR LGHQWLI\ PDOLFLRXV DSSOLFDWLRQV LQVWDOOHG LQ WKHSKRQHDQGDOVRSURYLGHVDSURYLVLRQWRUHPRYHWKHP2XUV\VWHPLVXVLQJFOXVWHULQJDQGFODVVLILFDWLRQWHFKQLTXHV ZKHUHDVDQWLPDOZDUHVDSSV¶XVHVVLJQDWXUHEDVHGWHFKQLTXHV7KHPDMRUGUDZEDFNRIVLJQDWXUHEDVHGWHFKQLTXHVLV WKDWLIDVLJQDWXUHRIDSDUWLFXODUPDOZDUHEHLQJLQVWDOOHGRQDSKRQHLVIRXQGLQWKHGDWDEDVHRIDQWLPDOZDUHVDSSV¶ WKHQLWLVGHFODUHGDVPDOZDUHHOVHEHQLJQ 7KH VHFRQG GUDZEDFN LV WKDW WKH VHDUFKLQJ RI VLJQDWXUHV IURP WKH GDWDEDVH LV WLPH FRQVXPLQJ DQG XVHUV DUH DOZD\VUHTXLUHGWRXSGDWHWKHLUDQWLPDOZDUHDSSV+HQFHRXUV\VWHPLVPRUHDFFXUDWHLQFODVVLI\LQJZKHWKHUDQDSS LVDPDOZDUHRUDEHQLJQDQGLWGRHVQ¶WUHTXLUHXSGDWLQJWKHVLJQDWXUHVRIPDOZDUHVRQOLQHDQGFDQEHXVHGRIIOLQH E\ $QGURLG¶V XVHUV $V RXU V\VWHP GRHVQ¶W QHHG WR SHUIRUP GDWDEDVH VFDQ IRU ILQGLQJ VLJQDWXUH PDWFK LW WDNHV PLQLPXPWLPHWRJLYHLWVILQDOUHVXOW7KXVRXUV\VWHPFDQEHXVHGHIIHFWLYHO\LQSURWHFWLQJWKHXVHUVIURPPDOLFLRXV DSSOLFDWLRQV 7KHRQO\GUDZEDFNRIRXUV\VWHPLVWKDWLIDQHZXQNQRZQIDPLO\RIDPDOZDUHLVVXSSRVHGWREHGHWHFWHGWKHQD QHZFOXVWHUKDVWREHFUHDWHGFRQVLGHULQJWKHVDPHIDPLO\¶VSHUPLVVLRQ$VIXWXUHZRUNZHSURSRVHWRFUHDWHDODUJHU QXPEHURIFOXVWHUVLQRUGHUWRVXSSRUWZLGHUDQJHRIXQNQRZQPDOZDUHV:LWKLQFUHDVHLQWKHSRSXODULW\RI$QGURLG LWEHFRPHVDWDUJHWIRUDQLQFUHDVLQJFDWHJRU\RIPDOZDUHV$VIXWXUHVFRSHLWZRXOGEHRIYLWDOLPSRUWDQFHWREH DEOHWRGRWKLVDQDO\VLVDWLQVWDOODWLRQWLPH 5HIHUHQFHV >@ 7DND\XNL0DWVXGR(LLFKLUR.RGDPD-LDKRQJ:DQJDQG7R\RR7DNDWD$3URSRVDORI6HFXULW\$GYLVRU\6\VWHPDWWKH7LPHRIWKH ,QVWDOODWLRQ RI $SSOLFDWLRQV RQ $QGURLG 26WK ,((( ,QWHUQDWLRQDO &RQIHUHQFH RQ 1HWZRUN%DVHG ,QIRUPDWLRQ 6\VWHPV 1%L6   >@ @ 'RQJ-LH:X&KLQJ+DR0DR7H(Q:HL+DKQ0LQJ/HH.XR3LQJ:X'URLG0DW$QGURLG0DOZDUH'HWHFWLRQWKURXJK0DQLIHVW DQG$3,&DOOV 7UDFLQJ,QIRUPDWLRQ6HFXULW\ $VLD-&,6 6HYHQWK$VLD-RLQW&RQIHUHQFHRQYROQRSS$XJ  >@ :HL 7DQJ *XDQJ -LQ -LDPLQJ +H ;LDQOLDQJ -LDQJ ([WHQGLQJ $QGURLG 6HFXULW\ (QIRUFHPHQW ZLWK D 6HFXULW\ 'LVWDQFH 0RGHO ,QWHUQHW7HFKQRORJ\DQG$SSOLFDWLRQVL7$3 ,QWHUQDWLRQDO&RQIHUHQFHRQYROQRSS$XJ >@ +DPDQGL . &KHKDE $ (OKDMM ,+ .D\VVL $ $QGURLG 606 0DOZDUH 9XOQHUDELOLW\ DQG 0LWLJDWLRQ $GYDQFHG ,QIRUPDWLRQ 1HWZRUNLQJDQG$SSOLFDWLRQV:RUNVKRSV:$,1$ WK,QWHUQDWLRQDO&RQIHUHQFHYROQRSS0DUFK >@ +7KDQK$QDO\VLVRI0DOZDUH)DPLOLHVRQ$QGURLG0RELOHV'HWHFWLRQ&KDUDFWHULVWLFV5HFRJQL]DEOHE\2UGLQDU\3KRQH8VHUVDQG +RZWR)L[,W-RXUQDORI,QIRUPDWLRQ6HFXULW\9RO1RSS >@ 3LHWHUVH+2OLYLHU06$QGURLGERWQHWVRQWKHULVH7UHQGVDQGFKDUDFWHULVWLFV,QIRUPDWLRQ6HFXULW\IRU6RXWK$IULFD,66$  YROQRSS$XJ >@ (QFN:2QJWDQJ00F'DQLHO32QOLJKWZHLJKWPRELOHSKRQHDSSOLFDWLRQFHUWLILFDWLRQ,Q&&6¶3URFHHGLQJVRIWKHWK $&0FRQIHUHQFHRQ&RPSXWHUDQG&RPPXQLFDWLRQ6HFXULW\1HZ@ /RRNRXW KWWSVEORJORRNRXWFRPEORJVHFXULW\DOHUW]VRQHWURMDQIRXQGLQDQGURLGPDUNHW 0DOZDUH´ 2QOLQH $YDLODEOH >@ 9LUXV %XOOHWLQ´&RYHULQJ WKH *OREDO 7KUHDW /DQGVFDSH 'URLGGUHDP KWWSVZZZYLUXVEWQFRPYLUXVEXOOHWLQDUFKLYHYE'URLG'UHDP >@ /RRN LQWR 0RELOH´ %HVW $QGURLG $QWLYLUXV DQG 6HFXULW\ $SSV´ 2QOLQH $YDLODEOH KWWS ORRNLQWRPRELOHFRPDQGURLGDQWLYLUXV VHFXULW\DSSV >@ 7RP¶V JXLGH ³%HVW $QGURLG $QWLYLUXV 6RIWZDUH ´ 2QOLQH $YDLODEOH KWWSZZZ WRPVJXLGHFRPXVEHVWDQGURLG DQWLYLUXVUHYLHZKWPO

417