PADetective: A systematic approach to automate detection of promotional attackers in mobile app store

Bo Sun, Xiapu Luo, Mitsuaki Akiyama, Takuya Watanabe, Tatsuya Mori

    Research output: Contribution to journalArticle

    Abstract

    Mobile app stores, such as Google Play, play a vital role in the ecosystem of mobile device software distribution platforms. When users find an app of interest, they can acquire useful data from the app store to inform their decision regarding whether to install the app. This data includes ratings, reviews, number of installs, and the category of the app. The ratings and reviews are the user-generated content (UGC) that affect the reputation of an app. Therefore, miscreants can leverage such channels to conduct promotional attacks; for example, a miscreant may promote a malicious app by endowing it with a good reputation via fake ratings and reviews to encourage would-be victims to install the app. In this study, we have developed a system called PADetective that detects miscreants who are likely to be conducting promotional attacks. Using a 1723-entry labeled dataset, we demonstrate that the true positive rate of detection model is 90%, with a false positive rate of 5.8%. We then applied our system to an unlabeled dataset of 57M reviews written by 20M users for 1M apps to characterize the prevalence of threats in the wild. The PADetective system detected 289K reviewers as potential PA attackers. The detected potential PA attackers posted reviews to 136K apps, which included 21K malicious apps. We also report that our system can be used to identify potentially malicious apps that have not been detected by anti-virus checkers.

    Original languageEnglish
    Pages (from-to)212-223
    Number of pages12
    JournalJournal of Information Processing
    Volume26
    DOIs
    Publication statusPublished - 2018 Jan 1

    Fingerprint

    Application programs
    Viruses
    Mobile devices
    Ecosystems
    Computer systems

    Keywords

    • Machine learning
    • Mobile app store
    • Promotional attack

    ASJC Scopus subject areas

    • Computer Science(all)

    Cite this

    PADetective : A systematic approach to automate detection of promotional attackers in mobile app store. / Sun, Bo; Luo, Xiapu; Akiyama, Mitsuaki; Watanabe, Takuya; Mori, Tatsuya.

    In: Journal of Information Processing, Vol. 26, 01.01.2018, p. 212-223.

    Research output: Contribution to journalArticle

    @article{c0d636e2a6d9459ba5e0af6aa1ec9e51,
    title = "PADetective: A systematic approach to automate detection of promotional attackers in mobile app store",
    abstract = "Mobile app stores, such as Google Play, play a vital role in the ecosystem of mobile device software distribution platforms. When users find an app of interest, they can acquire useful data from the app store to inform their decision regarding whether to install the app. This data includes ratings, reviews, number of installs, and the category of the app. The ratings and reviews are the user-generated content (UGC) that affect the reputation of an app. Therefore, miscreants can leverage such channels to conduct promotional attacks; for example, a miscreant may promote a malicious app by endowing it with a good reputation via fake ratings and reviews to encourage would-be victims to install the app. In this study, we have developed a system called PADetective that detects miscreants who are likely to be conducting promotional attacks. Using a 1723-entry labeled dataset, we demonstrate that the true positive rate of detection model is 90{\%}, with a false positive rate of 5.8{\%}. We then applied our system to an unlabeled dataset of 57M reviews written by 20M users for 1M apps to characterize the prevalence of threats in the wild. The PADetective system detected 289K reviewers as potential PA attackers. The detected potential PA attackers posted reviews to 136K apps, which included 21K malicious apps. We also report that our system can be used to identify potentially malicious apps that have not been detected by anti-virus checkers.",
    keywords = "Machine learning, Mobile app store, Promotional attack",
    author = "Bo Sun and Xiapu Luo and Mitsuaki Akiyama and Takuya Watanabe and Tatsuya Mori",
    year = "2018",
    month = "1",
    day = "1",
    doi = "10.2197/ipsjjip.26.212",
    language = "English",
    volume = "26",
    pages = "212--223",
    journal = "Journal of Information Processing",
    issn = "0387-5806",
    publisher = "Information Processing Society of Japan",

    }

    TY - JOUR

    T1 - PADetective

    T2 - A systematic approach to automate detection of promotional attackers in mobile app store

    AU - Sun, Bo

    AU - Luo, Xiapu

    AU - Akiyama, Mitsuaki

    AU - Watanabe, Takuya

    AU - Mori, Tatsuya

    PY - 2018/1/1

    Y1 - 2018/1/1

    N2 - Mobile app stores, such as Google Play, play a vital role in the ecosystem of mobile device software distribution platforms. When users find an app of interest, they can acquire useful data from the app store to inform their decision regarding whether to install the app. This data includes ratings, reviews, number of installs, and the category of the app. The ratings and reviews are the user-generated content (UGC) that affect the reputation of an app. Therefore, miscreants can leverage such channels to conduct promotional attacks; for example, a miscreant may promote a malicious app by endowing it with a good reputation via fake ratings and reviews to encourage would-be victims to install the app. In this study, we have developed a system called PADetective that detects miscreants who are likely to be conducting promotional attacks. Using a 1723-entry labeled dataset, we demonstrate that the true positive rate of detection model is 90%, with a false positive rate of 5.8%. We then applied our system to an unlabeled dataset of 57M reviews written by 20M users for 1M apps to characterize the prevalence of threats in the wild. The PADetective system detected 289K reviewers as potential PA attackers. The detected potential PA attackers posted reviews to 136K apps, which included 21K malicious apps. We also report that our system can be used to identify potentially malicious apps that have not been detected by anti-virus checkers.

    AB - Mobile app stores, such as Google Play, play a vital role in the ecosystem of mobile device software distribution platforms. When users find an app of interest, they can acquire useful data from the app store to inform their decision regarding whether to install the app. This data includes ratings, reviews, number of installs, and the category of the app. The ratings and reviews are the user-generated content (UGC) that affect the reputation of an app. Therefore, miscreants can leverage such channels to conduct promotional attacks; for example, a miscreant may promote a malicious app by endowing it with a good reputation via fake ratings and reviews to encourage would-be victims to install the app. In this study, we have developed a system called PADetective that detects miscreants who are likely to be conducting promotional attacks. Using a 1723-entry labeled dataset, we demonstrate that the true positive rate of detection model is 90%, with a false positive rate of 5.8%. We then applied our system to an unlabeled dataset of 57M reviews written by 20M users for 1M apps to characterize the prevalence of threats in the wild. The PADetective system detected 289K reviewers as potential PA attackers. The detected potential PA attackers posted reviews to 136K apps, which included 21K malicious apps. We also report that our system can be used to identify potentially malicious apps that have not been detected by anti-virus checkers.

    KW - Machine learning

    KW - Mobile app store

    KW - Promotional attack

    UR - http://www.scopus.com/inward/record.url?scp=85042108428&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85042108428&partnerID=8YFLogxK

    U2 - 10.2197/ipsjjip.26.212

    DO - 10.2197/ipsjjip.26.212

    M3 - Article

    AN - SCOPUS:85042108428

    VL - 26

    SP - 212

    EP - 223

    JO - Journal of Information Processing

    JF - Journal of Information Processing

    SN - 0387-5806

    ER -