Jiawei Zhu

Permission-based abnormal application detection for android

Android has become one of the most popular mobile operating system because of numerous applications it provides. Android Market is the official application store which allows users to search and install applications to their Android devices. However, with the increasingly number of applications, malware is also beginning to turn up in app stores. To mitigate the security problem brought by malware, we put forward a novel permission-based abnormal application detection framework which identifies potentially dangerous apps by the reliability of their permission lists. To judge the reliability of apps permissions, we make use of the relation between apps description text and its permission list. In detail, we use Naive Bayes with Multinomial Event Model algorithm to build the relation between the description and the permission list of an application. We evaluate this framework with 5,685 applications in Android Market and find it effective in identifying abnormal application in Android Market.

Privacy protection in social networks using l -diversity

With the increasing popularity of online social networks, such as twitter and weibo, privacy preserving publishing of social network data has raised serious concerns. In this paper, we focus on the problem of preserving the sensitive attribute of the node in social network data. We call a graph l-diversity anonymous if all the same degree nodes in the graph form a group in which the frequency of the most frequent sensitive value is at most

Location Semantics Protection Based on Bayesian Inference

\frac{1}{l}

A Hybrid Approach for Privacy Preservation in Location Based Queries

. To achieve this objective, we devise an efficient heuristic algorithm via graphic l-diverse partition and also use three anonymous strategies(AdjustGroup, RedirectEdges, AssignResidue)to optimize the heuristic algorithm. Finally, we verify the effectiveness of the algorithm through experiments.

API Sequences Based Malware Detection for Android

In mobile Internet, popular Location-Based Services (LBSs) recommend Point-of-Interest (POI) data according to physical positions of smartphone users. However, untrusted LBS providers can violate location privacy by analyzing user requests semantically. Therefore, this paper aims at protecting user privacy in location-based applications by evaluating disclosure risks on sensitive location semantics. First, we introduce a novel method to model location semantics for user privacy using Bayesian inference and demonstrate details of computing the semantic privacy metric. Next, we design a cloaking region construction algorithm against the leakage of sensitive location semantics. Finally, a series of experiments evaluate this solution’s performance to show its availability.

Edges Protection in Multiple Releases of Social Network Data

With rapidly popular location-aware applications, location privacy becomes an emerging issue. This paper studies how to protect the two-fold privacy for both client-side and server-side in location-based queries. This technique is a significant component in privacy-friendly Location Based Services (LBS). Participants protect their own privacy. The LBS server protects against excessive disclose of location records in its Points of Interest (POIs) database while the mobile user protects his exact location by the cloaking technique. The proposed hybrid approach can achieve the challenging goal. Our solution integrates the cloaking technique with a cryptographic protocol, Private Set Intersection (PSI). In addition, this solution is secure in malicious model and also practical.

Privacy Protection against Query Prediction in Location-Based Services

To mitigate security problem brought by Android malware, various work has been proposed such as behavior based malware detection and data mining based malware detection. In this paper, we put forward a novel Android malware detection model using data mining techniques. We design an algorithm with two steps. The first step is modeling Android application code into graph structure, called API control flow graph by us. Next step is calculating API sequences fulfilling minimum intra-family support in each malware family because malware in malware family usually share similar behavior pattern. Finally, supervised learning method is took advantage in building our malware detecting model with API sequences as input features. We evaluate this model with 1200 applications, half of them are malicious and half are benign, and find it effective in identifying Android malware and even unknown malware.

Sensitive edges protection in social networks

With the increasing popularity of online social networks, such as twitter and weibo, privacy preserving publishing of social network data has raised serious concerns. Previous works only consider a single static release of social network data, which are not inadequate for analyzing the evolution of social networks. In this paper, we focus on the problem of preserving edges when edges are deleted or added in multiple releases of social network data. To achieve this objective, we propose the Dynamic Safety Condition, which effectively constrains nodes partition to ensure sparsity of edges between any two group. Using this condition, we devise the heuristic algorithm DEP, which anonymizes a sequential graphs to satisfy the privacy objective. Finally, we verify the effectiveness of the algorithm through experiments.

Appearance similarity evaluation for Android applications

In mobile Internet, Location-Based Services (LBSs) as a popular kind of context-aware recommendation systems can recommend Point of Interest (POI) data according to current locations of users. However, the inherent feature leads to leak sensitive location information of users into untrusted LBS providers. This paper aims at the location privacy problem on query prediction which forecasts next locations and violates user privacy seriously. To tackle this, we propose a novel location privacy protection solution. The contribution is three-fold. First, we model query prediction on cloaking regions using the Bayesian inference. Next, the proposed location anonymization method can generalize locations into safer cloaking regions against such query prediction attacks. Finally, a series of experiments evaluate the performance of this solution and demonstrate its availability.

Method for implementing public key cryptography for resisting cold boot attack

With the increasing popularity of online social networks, such as twitter and weibo, privacy preserving publishing of social network data has raised serious concerns. In this paper, we focus on the problem of preserving the sensitive edges in social network data. We call a graph is k-sensitive anonymous if the probability of an attacker can re-identify a sensitive node or a sensitive edge is at most