Privacy Risk Assessment Design for Mobile Applications Using a Machine Learning Model Based on Ensemble Learning and Multiple Application Attributes
DOI: https://doi.org/10.25126/jtiik.20241047029
Abstract
Since the Android operating system is open-source, many Android-based applications are developed and freely available in app stores. However, not all application developers supply detailed information about an app's security aspects, making it difficult for users to assess and understand the privacy risks they face. In this study we propose a privacy risk assessment design based on analysis of app permissions and application attribute information. We use ensemble learning to overcome the drawbacks of using a single classification model. The likelihood assessment combines ensemble learning predictions with information on multiple application attributes, while the severity assessment uses the number and characteristics of permissions. A risk matrix was created to calculate the application's privacy risk value, and the CIC-AndMal2017 dataset was used to evaluate the ensemble learning model and the privacy risk assessment design. The experimental results show that ensemble learning with the Decision Tree (DT), K-Nearest Neighbor (KNN), and Random Forest (RF) classification algorithms performs better than a single classification algorithm, with an accuracy of 95.2%, a precision of 93.2%, an F1-score of 92.4%, and a True Negative Rate (TNR) of 97.6%. In addition, the risk assessment design can assess applications effectively and objectively.
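A sketch of the pipeline the abstract describes, added here as an example and not the authors' code: a majority vote over the DT, KNN and RF labels, a likelihood level that mixes the vote with application attributes, a permission-based severity level, and a risk-matrix lookup. The attribute names, weights, thresholds, dangerous-permission subset and 3x3 matrix are all assumptions, since the paper's actual values are not given on this page.

```python
from collections import Counter

# Assumed subset of Android permissions with "dangerous" protection level.
DANGEROUS = {"READ_CONTACTS", "READ_SMS", "ACCESS_FINE_LOCATION",
             "RECORD_AUDIO", "CAMERA", "READ_CALL_LOG"}

# Assumed 3x3 matrix: RISK[likelihood][severity], levels 0=low .. 2=high.
RISK = [["low", "low", "medium"],
        ["low", "medium", "high"],
        ["medium", "high", "high"]]

def majority_vote(preds):
    """Hard-voting ensemble over the DT, KNN and RF labels (1 = malicious)."""
    return Counter(preds).most_common(1)[0][0]

def likelihood(preds, attrs):
    """Combine the ensemble vote with app attributes (assumed weights)."""
    score = 2 if majority_vote(preds) == 1 else 0
    if not attrs.get("from_official_store", False):  # hypothetical attribute
        score += 1
    if attrs.get("rating", 5.0) < 3.0:               # hypothetical attribute
        score += 1
    return 0 if score <= 1 else 1 if score == 2 else 2

def severity(permissions):
    """Level from the number and kind of permissions (assumed thresholds)."""
    dangerous = len(DANGEROUS & set(permissions))
    if dangerous >= 3 or len(permissions) > 20:
        return 2
    return 1 if dangerous >= 1 else 0

def privacy_risk(preds, attrs, permissions):
    """Look up the risk label for one application."""
    return RISK[likelihood(preds, attrs)][severity(permissions)]

# Constructed sample apps, not taken from CIC-AndMal2017.
flashlight = privacy_risk([0, 0, 0],
                          {"from_official_store": True, "rating": 4.5},
                          ["CAMERA", "INTERNET"])
sideloaded = privacy_risk([1, 1, 0],
                          {"from_official_store": False, "rating": 2.1},
                          ["READ_SMS", "READ_CONTACTS", "RECORD_AUDIO", "INTERNET"])
```

Separating likelihood from severity lets an app the classifiers label benign still land in a higher risk cell when its permission set is broad.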
License
This article is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0).
Authors who publish in this journal agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication of the manuscript, simultaneously licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0), which allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors may enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (for example, posting it to an institutional repository or publishing it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (for example, in institutional repositories or on their website) before and during the submission process, as this can lead to productive exchanges as well as earlier and greater citation of the published work. (See The Effect of Open Access.)