Designing a Reputation System to Detect Malicious Behavior in the Google Android Market


This paper proposes a reputation system to detect malicious behavior in the Google Android Market. The system design principles consider common reputation system errors, specific design specifications, and detection of malicious behavior through simulations. Results suggest further implementation may improve user privacy and security.


Presentation Transcript


1. By James Kasten

2. Outline
- Motivation and Proposed Solution
- Common Reputation System Errors
- Design Principles and Considerations
- Specific Design Specifications
- Detection of Malicious Behavior
- Simulations: Setup and Assumptions
- Results
- Further Implementation
- Future Work

3.
- Google Android Market is very open
- Android security and privacy permissions are controlled by the user
- User has little information regarding use of permissions

4.
- TaintDroid
  - Tracks the flow of private information through the phone
  - Notifies the user when private information is sent across the network
  - Requires advanced and knowledgeable users to operate
- Kirin
  - Based purely on installation privileges
  - Only as effective as the user makes it

5.
- Provide a mechanism that allows privacy and security information about third-party applications to flow from advanced users to novices
- Web of Trust enhanced with Automated Analysis
- Web of Trust examples: Epinions.com, MyWOT.com (internet sites), Google PageRank

6.
- Lack of ability to differentiate dishonest feedback from honest feedback
- Most systems provide no support against users gaming the system
- No incentives for feedback
- Sybil attack

7.
- Large disparity of knowledge in the user base
- Special two-tiered reputation system
- Global Trust Index
- Centralized server
- Algorithms need to be computationally inexpensive
- Additional information provided to the user with some automated analysis

8.
- User Rating System
  - Review types
    - Application Ratings
    - Rating Reviews
  - Additional influences
    - User Reputation
    - Application Author Rating
- Automated Analysis
  - Assess static privileges
  - Analyze TaintDroid logs for each application
  - Create/analyze power consumption profiles

9.
- [Mock-up: two listings of "Tetroid by SoftwareWorks", one showing Trust Index 7.8 and one showing Trust Index 7.7]
- Application Ratings
  - Influence determined by the user's reputation
  - Affects both the Application Trust Index and the Author's Trust Index
- Review Ratings
  - Either positive or negative
  - Affects user reputation
  - Influence determined by the reviewer's user reputation
- [Mock-up of an application rating: "James's Rating: 7. According to TaintDroid, this app occasionally sends out your location to WebAdds.com. Other than that, it appears safe."]

10.
- Provide a Global Trust Index for each application
- Calculating the Trust Index:
    2/3 Global Application Rating + 1/3 Author Rating
- Calculating the Global Application Rating (over all of the application's ratings):
    (AppRating.user.reputation * AppRating.PrivacyRating) / Accuracy
    Accuracy = (AppRating.user.reputation)
- Calculating the Author's Rating (over all of the author's applications):
    (Application.Accuracy * Application.TrustIndex) / (Application.Accuracy)

11.
- New users are assigned a reputation of .5
- Cap user reputation between [0, 10]
- Reputation calculation for a user
  - Stops a user from gaining maximum reputation from a single rating
  - Formulated to separate novice users from experienced users

    For each (ApplicationRating) {
        appRatingRep = ((ReviewRating.user.reputation / 10) * Rating)
        if (appRatingRep > 1)
            discount additional reputation by a factor of 5
        add appRatingRep to reputation
    }
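The arithmetic of slides 10 and 11 (application Trust Index, author rating and user reputation) written out as a small Python module. This is an added example, not code from the presentation or from the author's implementation. Three things it assumes: the aggregation operator that the transcript lost in the slide-10 formulas is a sum (so the global application rating is a reputation-weighted average), the `Application.TrustIndex` term inside the author rating is taken as the global application rating to avoid a circular definition, and the slide-11 loop adds up the review ratings each application rating received. The users and applications are constructed sample data.

```python
# Added example, not code from the slides: the two-tier model of slides 10
# and 11 (application Trust Index, author rating, user reputation).
# Where the transcript lost a symbol or left a step open, the choice made
# here is marked "assumption".
from dataclasses import dataclass, field

NEW_USER_REPUTATION = 0.5     # slide 11: new users start at .5
REP_MIN, REP_MAX = 0.0, 10.0  # slide 11: reputation capped to [0, 10]
DISCOUNT_FACTOR = 5.0         # slide 11: gain above 1 from one rating discounted by 5


@dataclass(eq=False)
class User:
    name: str
    reputation: float = NEW_USER_REPUTATION


@dataclass(eq=False)
class ReviewRating:
    """Thumbs up (+1) or thumbs down (-1) that `user` gave an AppRating."""
    user: User
    rating: int


@dataclass(eq=False)
class AppRating:
    """Privacy rating (0..10) that `user` gave an application."""
    user: User
    privacy_rating: float
    review_ratings: list = field(default_factory=list)


@dataclass(eq=False)
class Application:
    name: str
    author: str
    ratings: list = field(default_factory=list)


def accuracy(app):
    # Slide 10: "Accuracy = (AppRating.user.reputation)"; the aggregation
    # operator was lost in the transcript. Assumption: sum over the app's ratings.
    return sum(r.user.reputation for r in app.ratings)


def global_app_rating(app):
    # Slide 10: (AppRating.user.reputation * AppRating.PrivacyRating) / Accuracy,
    # i.e. a reputation-weighted average of the privacy ratings (assumption: sum).
    acc = accuracy(app)
    if acc == 0:
        return 0.0
    return sum(r.user.reputation * r.privacy_rating for r in app.ratings) / acc


def author_rating(apps, author):
    # Slide 10: (Application.Accuracy * Application.TrustIndex) / (Application.Accuracy)
    # over the author's applications. Assumption: the per-application term is
    # the global application rating, which keeps the author rating from
    # depending on trust indices that themselves depend on the author rating.
    own = [a for a in apps if a.author == author]
    total = sum(accuracy(a) for a in own)
    if total == 0:
        return 0.0
    return sum(accuracy(a) * global_app_rating(a) for a in own) / total


def trust_index(app, apps):
    # Slide 10: 2/3 Global Application Rating + 1/3 Author Rating
    return (2 / 3) * global_app_rating(app) + (1 / 3) * author_rating(apps, app.author)


def recompute_reputation(user, apps):
    # Slide 11: for each of the user's application ratings,
    #   appRatingRep = (ReviewRating.user.reputation / 10) * Rating
    # summed over the review ratings that app rating received (assumption),
    # discounted by DISCOUNT_FACTOR above 1, then added to the reputation.
    # Assumption: the total is rebuilt from the new-user baseline each time.
    rep = NEW_USER_REPUTATION
    for app in apps:
        for ar in app.ratings:
            if ar.user is not user:
                continue
            gain = sum((rr.user.reputation / 10) * rr.rating for rr in ar.review_ratings)
            if gain > 1:
                gain = 1 + (gain - 1) / DISCOUNT_FACTOR
            rep += gain
    user.reputation = max(REP_MIN, min(REP_MAX, rep))
    return user.reputation


def example_market():
    """Constructed sample data: two apps by one author, three raters."""
    alice, bob, carol = User("alice", 10.0), User("bob", 5.0), User("carol")
    tetroid = Application("Tetroid", "SoftwareWorks")
    snake = Application("Snakeoid", "SoftwareWorks")
    bob_rating = AppRating(bob, 7.0)
    bob_rating.review_ratings += [ReviewRating(alice, +1), ReviewRating(carol, +1)]
    tetroid.ratings += [AppRating(alice, 8.0), bob_rating, AppRating(carol, 2.0)]
    snake.ratings.append(AppRating(alice, 6.0))
    return [tetroid, snake], {"alice": alice, "bob": bob, "carol": carol}


if __name__ == "__main__":
    apps, users = example_market()
    for app in apps:
        print(f"{app.name} by {app.author}: Trust Index {trust_index(app, apps):.1f}")
    print("bob's reputation after his Tetroid rating was reviewed:",
          recompute_reputation(users["bob"], apps))
```

In the sample, alice's reputation of 10 pulls Tetroid's global rating toward her 8 even though carol rated it 2, which is the "influence determined by the user's reputation" rule of slide 9; bob's single well-received rating is worth a little over 1 point of reputation, because the excess above 1 is divided by 5.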

12.
  1. Review Rating is submitted - O(1)
  2. Local user reputation is updated - O(1)
  3. Reputation change is propagated to those users immediately affected - O(n)
  4. For each (AppRating in the user's list), add it to the set of dirtyApplications - O(n)
  5. After a period of time, recalculate all dirtyApplication AppRatings and Author Ratings - O(nm)
  6. Calculate new Trust Index - O(1)

13.
- Maximum of 5 review ratings (thumbs up / thumbs down) per application
  - Stops a user from trashing or boosting an application's trust index indirectly
- Recent Activity Window: a small weighted trust rating maintained and used to punish users with recent low performance
  - Guards against users using high reputation to game the rankings

14.
- Look at the last 3 application ratings of users with high reputation
- If the weighted average of Review Ratings is less than a threshold, punish the user
- Weighted average of review ratings (Recent Performance), over those application ratings:
    (AppRating.ReviewRating * AppRating.ReviewRating.user.reputation) / (AppRating.ReviewRating.user.reputation)

15.
- Recent performance domain: [-1, 1]
- Current performance threshold is -.1
- Reputation punishment:
    rep = rep / (1 + ((-performance) * (accuracy / WEIGHT_FACTOR)))
- Current weight factor is 5
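The Recent Activity Window of slides 13 to 15 as runnable Python: the per-application cap on review ratings, the reputation-weighted average of the last three application ratings' thumbs, and the punishment formula with the slide's threshold of -.1 and weight factor of 5. This is an added example, not code from the presentation. It assumes that the `accuracy` term in the slide-15 formula is the total reviewer reputation inside the window (the denominator of the weighted average), and it uses a cut-off of 5 for "users with high reputation", which the slides do not state; the rating history is constructed sample data.

```python
# Added example, not code from the slides: the recent-activity window of
# slides 13-15. Review ratings are +1 (thumbs up) or -1 (thumbs down).
WINDOW = 3               # slide 14: look at the last 3 application ratings
THRESHOLD = -0.1         # slide 15: current performance threshold
WEIGHT_FACTOR = 5.0      # slide 15: current weight factor
MAX_REVIEWS_PER_APP = 5  # slide 13: at most 5 review ratings per application
HIGH_REPUTATION = 5.0    # assumption: the slides' "high reputation" cut-off


def recent_performance(app_ratings):
    """Weighted average of the review ratings received by the user's last
    WINDOW application ratings (slide 14).

    app_ratings: the user's application ratings, oldest first; each is a list
    of (reviewer_reputation, review_rating) pairs.
    Returns (performance in [-1, 1], accuracy). Assumption: 'accuracy' in the
    slide-15 formula is the total reviewer reputation in the window, i.e. the
    denominator of the weighted average.
    """
    window = app_ratings[-WINDOW:]
    weighted = sum(rep * rr for ar in window for rep, rr in ar)
    acc = sum(rep for ar in window for rep, _ in ar)
    if acc == 0:
        return 0.0, 0.0
    return weighted / acc, acc


def apply_recent_window(reputation, app_ratings):
    """Slide 15: rep = rep / (1 + ((-performance) * (accuracy / WEIGHT_FACTOR)))
    when a high-reputation user's recent performance is below THRESHOLD.
    Returns (new_reputation, performance)."""
    perf, acc = recent_performance(app_ratings)
    if reputation >= HIGH_REPUTATION and perf < THRESHOLD:
        reputation = reputation / (1 + (-perf) * (acc / WEIGHT_FACTOR))
    return reputation, perf


def accept_review_rating(reviews_given, reviewer, app, rating):
    """Slide 13: at most MAX_REVIEWS_PER_APP review ratings per reviewer per
    application, so one account cannot trash or boost an app's Trust Index by
    thumbing many of its app ratings. Returns True if the rating is recorded."""
    if rating not in (1, -1):
        raise ValueError("review rating must be +1 or -1")
    given = reviews_given.setdefault((reviewer, app), [])
    if len(given) >= MAX_REVIEWS_PER_APP:
        return False
    given.append(rating)
    return True


# Constructed sample: a reputable user whose last three app ratings were
# mostly thumbed down by other reputable users.
SAMPLE_HISTORY = [
    [(10.0, +1), (8.0, +1)],             # older rating, outside the window
    [(9.0, -1), (7.0, -1)],
    [(10.0, -1), (2.0, +1)],
    [(8.0, -1), (6.0, -1), (3.0, +1)],
]

if __name__ == "__main__":
    new_rep, perf = apply_recent_window(9.0, SAMPLE_HISTORY)
    print(f"recent performance {perf:.2f}, reputation 9.0 -> {new_rep:.3f}")
```

With the sample history the windowed performance is -35/45, so a reputation of 9 drops to 9 / (1 + 0.78 * 9) = 1.125 in one step; the punishment grows with both how negative the recent thumbs are and how reputable the reviewers giving them were, which is what lets the window catch an account that earned trust first and started gaming later.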

16.
- Experienced Users
  - Rate accurately with a standard deviation of 1
- Average Users
  - Rate only half of the applications
  - Rate apps fairly accurately with a standard deviation of 3
- Ignorant Users
  - Rate randomly on a uniform distribution
- Malicious Users
  - Act like experienced users, but when their reputation is high they game the system

17.
- Ignorant and Average users are expected to recognize experienced-user and malicious-user application reviews at a rate of .8
  - Users recognize the experienced vocabulary and rate it up
- Experienced users are not as easily fooled by malicious users and only rate up an App Rating if its trust value is relatively close to their own opinion (within 1)

18.
- Normal users' application ratings are rated up if the corresponding reviewer has a similar opinion
  - Rated up if the rating is within 1 of their opinion
  - Rated down if the reviewer's opinion differs from the App Rating author's by more than 1
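The simulated population of slides 16 to 18, encoded as sampling functions that a simulation harness could call: how each class of user rates applications and how each decides to thumb an App Rating up or down. This is an added example, not the author's simulation code. Two details the slides leave open are assumptions here: what "game the system" means for a malicious user once its reputation is high (declaring every app perfectly safe), and that a user who has not rated an app abstains from reviewing ratings of it. The `make_rng` helper and the 5.0 reputation cut-off are also assumptions.

```python
# Added example, not code from the slides: the simulated user population of
# slides 16-18 as sampling functions. Anything the slides leave open is
# marked "assumption".
import random

RECOGNITION_RATE = 0.8  # slide 17: ignorant/average users spot experienced
                        # (or malicious) vocabulary at a rate of .8
AGREEMENT_MARGIN = 1.0  # slides 17-18: rate up when within 1 of own opinion
HIGH_REPUTATION = 5.0   # assumption: when a malicious user starts gaming


def make_rng(seed=7):
    """Seeded generator so a simulation run is reproducible."""
    return random.Random(seed)


def clamp(x, lo=0.0, hi=10.0):
    return max(lo, min(hi, x))


def rate_applications(user_type, true_values, rng, reputation=0.5):
    """Return {app_index: privacy_rating} for one user; true_values holds the
    'real' privacy rating of every app on the 0..10 scale."""
    n = len(true_values)
    if user_type == "experienced" or (user_type == "malicious" and reputation < HIGH_REPUTATION):
        # slide 16: accurate, standard deviation 1; malicious users behave the
        # same way until their reputation is high
        return {i: clamp(rng.gauss(v, 1.0)) for i, v in enumerate(true_values)}
    if user_type == "average":
        # slide 16: rates only half of the applications, standard deviation 3
        chosen = rng.sample(range(n), n // 2)
        return {i: clamp(rng.gauss(true_values[i], 3.0)) for i in chosen}
    if user_type == "ignorant":
        # slide 16: uniformly random ratings
        return {i: rng.uniform(0.0, 10.0) for i in range(n)}
    if user_type == "malicious":
        # slide 16: "game the system" once reputation is high. Assumption:
        # every app is declared perfectly safe (10) regardless of the truth.
        return {i: 10.0 for i in range(n)}
    raise ValueError(f"unknown user type {user_type!r}")


def review_decision(reviewer_type, reviewer_opinion, app_rating, author_type, rng):
    """Thumbs up (+1), thumbs down (-1) or None (abstain) for one AppRating."""
    if reviewer_type in ("ignorant", "average") and author_type in ("experienced", "malicious"):
        # slide 17: recognised as 'experienced vocabulary' 80% of the time
        if rng.random() < RECOGNITION_RATE:
            return +1
    if reviewer_opinion is None:
        return None  # assumption: no opinion (app not rated) means no review
    # slides 17-18: experienced and normal users compare with their own opinion
    return +1 if abs(app_rating - reviewer_opinion) <= AGREEMENT_MARGIN else -1


if __name__ == "__main__":
    rng = make_rng()
    truth = [rng.uniform(0, 10) for _ in range(20)]
    for kind in ("experienced", "average", "ignorant", "malicious"):
        ratings = rate_applications(kind, truth, rng, reputation=8.0)
        err = sum(abs(ratings[i] - truth[i]) for i in ratings) / len(ratings)
        print(f"{kind:12s} rated {len(ratings):2d} apps, mean abs error {err:.2f}")
```

Running the block prints the mean absolute error of each class against the constructed ground truth, which makes the slide-16 assumptions visible: experienced users land within about a point, average users within about two to three, ignorant users wherever the uniform draw falls, and a high-reputation malicious user as far off as the apps are actually risky.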

19. [Result figure not preserved in the transcript; simulation parameters: Apps = 20, Exp Users = 5, Avg Users = 30, Mal Users = 0]

20. [Result figure not preserved in the transcript; simulation parameters: Apps = 20, Exp Users = 5, Avg Users = 30, Ign Users = 30]

21. [Result figure not preserved in the transcript; simulation parameters: Exp Users = 5, Avg Users = 30, Ign Users = 30, Mal Users = 5]

22.
- Access the Application Manifest file to assess static privileges
- Classify application privacy and security as Safe, Some Risk, or Potentially Dangerous
  - Safe: no access to private information, accounts, or money
  - Some Privacy Risk: access to both private information and the internet
  - Potentially Dangerous: access to accounts and money
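The static-privilege classifier of slide 22 run over an AndroidManifest.xml. This is an added example, not code from the presentation. The slide names the three classes and what each covers; which concrete permission names count as "private information", "internet" and "accounts and money" is an assumption made here (the names used are real Android permissions), as is the conservative choice to put an app that reads private data without any internet permission, a case the slide's definitions do not cover, into Some Privacy Risk. The manifests are constructed samples.

```python
# Added example, not code from the slides: slide 22's three-way classification
# of an application from the <uses-permission> entries in its manifest.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Assumed permission groups (all are real Android permission names).
PRIVATE_INFO = {
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.READ_CALENDAR",
}
INTERNET = {"android.permission.INTERNET"}
ACCOUNTS_AND_MONEY = {
    "android.permission.GET_ACCOUNTS",
    "android.permission.MANAGE_ACCOUNTS",
    "android.permission.USE_CREDENTIALS",
    "android.permission.SEND_SMS",
    "android.permission.CALL_PHONE",
    "com.android.vending.BILLING",
}

SAFE, SOME_RISK, DANGEROUS = "Safe", "Some Privacy Risk", "Potentially Dangerous"


def permissions_from_manifest(manifest_xml):
    """Names of all <uses-permission> elements in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def classify(permissions):
    """Slide 22's three classes, checked most severe first."""
    if permissions & ACCOUNTS_AND_MONEY:
        return DANGEROUS
    if permissions & PRIVATE_INFO and permissions & INTERNET:
        return SOME_RISK
    if permissions & PRIVATE_INFO:
        # Private data without a network permission is not covered by the
        # slide's definitions; assumption: treat it as Some Privacy Risk.
        return SOME_RISK
    return SAFE


def classify_manifest(manifest_xml):
    return classify(permissions_from_manifest(manifest_xml))


def build_manifest(*perms):
    """Build a minimal constructed manifest for the sample data below."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="%s" package="example.test">%s'
            '<application/></manifest>' % (ANDROID_NS, uses))


# Constructed sample manifests, one per class.
SAMPLE_SAFE = build_manifest("android.permission.VIBRATE")
SAMPLE_SOME_RISK = build_manifest("android.permission.INTERNET",
                                  "android.permission.ACCESS_FINE_LOCATION")
SAMPLE_DANGEROUS = build_manifest("android.permission.INTERNET",
                                  "android.permission.SEND_SMS")

if __name__ == "__main__":
    for label, m in (("safe", SAMPLE_SAFE), ("risk", SAMPLE_SOME_RISK),
                     ("danger", SAMPLE_DANGEROUS)):
        print(label, "->", classify_manifest(m))
```

The classifier only sees declared privileges, which is exactly the limitation slide 4 attributes to Kirin: an app that declares location plus internet lands in Some Privacy Risk whether or not it ever sends the location anywhere, and it is the TaintDroid log analysis of slide 8 that would tell those two cases apart.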

23.
- Google App Engine
  - Works well with Android applications
- Android application users are based on Google Accounts and phone numbers
  - Android Market requires the user to have a valid account
  - Should effectively avoid a Sybil attack
- Quick example

24.
- Self-sustaining
- Computationally light
- Makes the market more efficient as users have increased knowledge of the applications
- Accuracy increases as users are able to gather more information

25.
- Requires critical mass to provide reliable ratings
- Ensuring the authenticity of automated information and developing an appropriate metric is difficult
- Need to implement a light clustering algorithm to provide protection against a distributed attack

26.
- Potential bias toward negative ratings
  - Establish a baseline for expected negative ratings per download
  - Adjust Trust Index based on downloads and ratings
- Implement a lightweight clustering technique to identify groups of malicious users
  - Potential Root Mean Square algorithm to determine the level of similarity between users
- Implement a Yahoo Answers-like point system
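One way the Root Mean Square similarity proposed on slide 26 (and the light clustering called for on slide 25) could be put together, as an added example that is not part of the presentation: the RMS difference between two users' ratings over the apps they both rated, and a single-link grouping of users whose distance is small. The distance cut-off, the minimum overlap, and the minimum group size are assumptions, and the rating table is constructed sample data in which three accounts vote in lockstep.

```python
# Added example, not code from the slides: the "Root Mean Square" similarity
# between users that slide 26 proposes, used to group users whose ratings
# move together. Cut-offs are assumptions.
import math


def rms_distance(ratings_a, ratings_b):
    """RMS difference between two users over the apps both rated (None if none)."""
    common = ratings_a.keys() & ratings_b.keys()
    if not common:
        return None
    return math.sqrt(sum((ratings_a[a] - ratings_b[a]) ** 2 for a in common) / len(common))


def cluster_users(ratings, max_distance=0.5, min_overlap=3):
    """Group users whose RMS distance over at least min_overlap shared apps is
    at most max_distance (single linkage via union-find). Returns sorted groups."""
    parent = {u: u for u in ratings}

    def find(u):
        while parent[u] != u:
            parent[u] = parent[parent[u]]  # path halving
            u = parent[u]
        return u

    users = list(ratings)
    for i, a in enumerate(users):
        for b in users[i + 1:]:
            common = ratings[a].keys() & ratings[b].keys()
            if len(common) < min_overlap:
                continue  # too little overlap to judge similarity
            if rms_distance(ratings[a], ratings[b]) <= max_distance:
                parent[find(a)] = find(b)
    groups = {}
    for u in users:
        groups.setdefault(find(u), []).append(u)
    return sorted(sorted(g) for g in groups.values())


def suspicious_groups(ratings, min_size=3, **kw):
    """Groups large enough to matter. A lockstep voting bloc is a signal worth
    a closer look (or a reduced weight), not proof of collusion."""
    return [g for g in cluster_users(ratings, **kw) if len(g) >= min_size]


# Constructed sample: three accounts rate four apps almost identically (10 for
# "Tetroid", about 1 for its competitors) while honest users differ from each
# other; carol has rated too few apps to be compared.
SAMPLE_RATINGS = {
    "sock1": {"Tetroid": 10.0, "Blocks": 1.0, "Puzzle": 1.0, "Snake": 1.0},
    "sock2": {"Tetroid": 10.0, "Blocks": 1.0, "Puzzle": 1.0, "Snake": 1.5},
    "sock3": {"Tetroid": 9.5, "Blocks": 1.0, "Puzzle": 1.5, "Snake": 1.0},
    "alice": {"Tetroid": 7.0, "Blocks": 6.0, "Puzzle": 8.0, "Snake": 5.0},
    "bob":   {"Tetroid": 8.0, "Blocks": 4.0, "Puzzle": 6.5, "Snake": 7.0},
    "carol": {"Tetroid": 6.0, "Blocks": 7.0},
}

if __name__ == "__main__":
    print("groups:", cluster_users(SAMPLE_RATINGS))
    print("suspicious:", suspicious_groups(SAMPLE_RATINGS))
```

The pairwise loop is O(n^2) in the number of users, which is why the slides ask for a "light" clustering technique; in practice it would run over the dirty-application set of slide 12 rather than the whole user base, and the `min_overlap` guard keeps two users who happen to agree on one or two apps from being linked.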

27.
- Look into providing static analysis of static privileges through the Kirin system
- Implement / incorporate the rest of the automated analysis

28. References
[1] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones," OSDI, October 2010.
[2] R. Guha, "Open Rating Systems," technical report, Stanford University, 2003.
[3] S. Cai, Y. Zou, B. Xie, and W. Shao, "Leveraging Robust Service Evaluation by Introducing the Web of Trust," CLOUD '09, pp. 190-197.
[4] K. Meng, Y. Wang, X. Zhang, X.-C. Xiao, and G.-D. Zhang, "Control Theory Based Rating Recommendation for Reputation Systems," Proceedings of the 2006 IEEE International Conference on Networking, Sensing and Control (ICNSC '06), pp. 162-167.
[5] G. L. Rein, "Reputation Information Systems: A Reference Model," Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS '05), pp. 26a, 3-6 January 2005.
[6] L. Xiong and L. Liu, "PeerTrust: Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities," IEEE Transactions on Knowledge and Data Engineering, 16(7), pp. 843-857, 2004.
[7] W. Enck, M. Ongtang, and P. McDaniel, "On Lightweight Mobile Phone Application Certification," Proceedings of ACM CCS, November 2009.
[8] A. Cheng and E. Friedman, "Sybilproof Reputation Mechanisms," Proc. ACM SIGCOMM P2PECON Workshop, pp. 128-132, 2005.