Abstract
Banking has stepped into the world with high-tech makeover by making the services as digitalized by means of mobile applications. Due to this digitalization, customer satisfaction and ease of use improved, especially in the case of retail banking. At the same time, there is a chance of getting our data compromised due to vulnerabilities in the mobile banking applications. These vulnerabilities exposed to threats may lead to security risk and finally cause damage to our assets. The quest to identify vulnerabilities in the mobile applications is now an emerging research area. Because, in previous days, hackers did damage to our assets for their fame but now, they are trying for espionage action and for getting the financial gain. We analyzed mobile applications of reputed banks in India. The main focus of this work is twofold. First, static code analysis (SCA) tools are used in this work to identify the vulnerabilities. But SCA tools are infeasible because of raising unexploitable vulnerabilities. Second, to partially solve this issue, we used machine learning classification algorithm for calculating the occurrence rate of the vulnerability in the mobile applications. We are alerting the banks by assigning rank to each vulnerability in the application based on the impact caused by that vulnerability by coupling the occurrence rate with severity score calculated by using common vulnerability scoring system (CVSS) score.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
He, Wu, et al. 2015. Understanding Mobile Banking Applications’ Security risks through Blog Mining and the Workflow Technology.
Maiya, Rajashekara. 2017. How to be a Truly Digital Bank. Journal of Digital Banking 1 (4): 338–348.
Mobile Banking 2015. Global Trends and their Impact on Banks Produced in Collaboration with and Using Primary Survey Data Supplied by UBS Evidence Lab.
Ramakrishna Murty, M., J.V.R. Murthy, and P.V.G.D. Prasad Reddy. 2011. Text document Classification Based on a Least Square Support Vector Machines with Singular Value Decomposition. International Journal of Computer Application (IJCA) 27 (7): 21–26.
https://thefinancialbrand.com/74044/mobile-banking-features-digital-security.
https://www.infopoint-security.de/media/Trustwave_2018-GSR_20180329_Interactive.pdf.
Nath, Hiran V., and Babu M. Mehtre. 2014. Static Malware Analysis Using Machine Learning Methods. In International Conference on Security in Computer Networks and Distributed Systems. Berlin: Springer.
Sadeghi, Alireza. 2017. Efficient Permission-Aware Analysis of Android Apps Dissertation. Diss. University of California, IRVINE.
Koc, Ugur, et al. 2017. Learning a Classifier for False Positive Error Reports Emitted by Static Code Analysis Tools. In Proceedings of the 1st ACM SIGPLAN International Workshop on Machine Learning and Programming Languages. ACM.
Bhatnagar, V., R. Majhi, and P.R. Jena. 2017. Comparative Performance Evaluation of Clustering Algorithms for Grouping Manufacturing Firms. Arabian Journal for Science and Engineering, August 2017.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Majeti, S.S., Habib, F., Janet, B., Dhavale, N.P. (2020). Study and Ranking of Vulnerabilities in the Indian Mobile Banking Applications Using Static Analysis and Bayes Classification. In: Raju, K., Govardhan, A., Rani, B., Sridevi, R., Murty, M. (eds) Proceedings of the Third International Conference on Computational Intelligence and Informatics . Advances in Intelligent Systems and Computing, vol 1090. Springer, Singapore. https://doi.org/10.1007/978-981-15-1480-7_5
Download citation
DOI: https://doi.org/10.1007/978-981-15-1480-7_5
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1479-1
Online ISBN: 978-981-15-1480-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)