Association Analysis Based Detection System for Android Permission Abuse Attacks
    Abstract:

    To restrict the behavior of applications, Android provides a permission system. However, once a user has granted permissions, an application is no longer restricted and can use them at will, which can lead to permission abuse attacks. To detect permission abuse by applications, an association analysis based detection method is proposed. The method dynamically detects the sensitive behaviors of applications and the operations of users, then calculates the degree of association between them. The detection result is obtained by comparing the differences between the detected application and benign applications. A prototype system named DroidDect was designed and implemented based on this method. The experimental results show that DroidDect can effectively detect permission abuse behaviors in Android applications, with advantages including low system overhead.

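Citation:

Chen Hongwei, Xiong Yan, Huang Wenchao, Huang Jianmeng. Association Analysis Based Detection System for Android Permission Abuse Attacks. Computer Systems & Applications, 2016, 25(4): 36-42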

History
  • Received: August 16, 2015
  • Revised: October 14, 2015
  • Online: April 19, 2016