| Popis: |
Smartphones carry a plethora of sensitive and personally identifiable information (PII) such as email addresses, GPS coordinates, names, and phone numbers. A common occurrence in the design of many popular smartphone applications is to harvest this user data for consumer market analysis and targeted advertising. Transmitting sensitive PII data without the user’s explicit knowledge has been given the name “information leakage Unfortunately, the permission systems employed by modern smartphone OSes are too coarse grained, presenting an “all or nothing” choice to users making it largely insufficient to defend against information leakage attacks. In this paper we propose a network-filtering based solution, which uses an entirely on-device VPN to capture and scan network packets for PII data. Our novelty is a specially designed string searching algorithm used to scan network packets, and a Naive Bayes classifier to learn and predict the user’s desired action when information leakage occurs. We evaluate and compare our work to other recent literature. We achieve 2MB/s throughput with our string searching algorithm and ~66% accuracy with our Naive Bayes classifier after building a training set of only 50 observations. |
