Automated Detection of Abnormal Behaviors of Android Apps based on App Descriptions

• 1、Institution of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876
• 2、School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876
• 3、School of Electronics Engineering and Computer Science, Peking University, Beijing 100871
• 4、School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876
• 5、School of Cyber Space Security, Beijing University of Posts and Telecommunications, Beijing 100876

Abstract：Whether the sensitive behaviors of mobile apps should be granted is related to the users\' expectation of the app. However, third-party libraries are widely used in Android apps. Third-party libraries could greatly impact the accuracy of abnormal behavior detection. Therefore, based on Natural Language Processing, machine learning and third-party libraries detection techniques, this paper has implemented an improved abnormal behavior detection tool by analyzing app description. First, this paper analyzes the app description using Natural Language Processing technique, and uses genetic algorithm to cluster apps based on app descriptions and identifies the optimal number of clusters, then this paper could obtain the app set of similar description (function). Then, the static analysis is applied to detect the third-party libraries and analyze the sensitive behaviors. Finally, in a collection of similar description android apps, the apps with abnormal behaviors are detected as outlier apps. This paper use the tool to analyze more than 276K apps in the Google Play app market, and experiment results show that the proposed method is effective to detect outlier apps, and the third-party libraries have a great impact on the abnormal behavior detection of Android apps.

Keywords： Android Third-party Library App description analysis Clustering Outlier detection