[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
article

Towards a threat assessment framework for apps collusion

Published: 01 November 2017 Publication History

Abstract

App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel SecurityTM.

References

[1]
Asavoae, I. M., Blasco, J., Chen, T. M., Kalutarage, H. K., Muttik, I., Nguyen, H. N., Roggenbach, M., & Shaikh, S. A. (2016). Towards automated android app collusion detection. In Aspinall, D., Cavallaro, L., Seghir, M. N., & M. Volkamer (Eds.), Proceedings of international workshop on innovations in mobile privacy and security 2016, CEUR Workshop Proceedings (pp. 29---37).
[2]
Marforio, C., Francillon, A., Capkun, S., Capkun, S., & Capkun, S. (2011). Application collusion attack on the permission-based security model and its implications for modern smartphone systems. ETH Zurich: Department of Computer Science.
[3]
Elish, K. O., Yao, D. D., & Ryder, B. G. (2015). On the need of precise inter-app icc classification for detecting android malware collusions. In Proceedings of IEEE mobile security technologies (MoST), in conjunction with the IEEE symposium on security and privacy.
[4]
Elish, K. O., Shu, X., Yao, D. D., Ryder, B. G., & Jiang, X. (2015). Profiling user-trigger dependence for android malware detection. Computers & Security, 49, 255---273.
[5]
La Polla, M., Martinelli, F., & Sgandurra, D. (2013). A survey on security for mobile devices. Communications Surveys Tutorials IEEE, 15(1), 446---471.
[6]
Marforio, C., Ritzdorf, H., Francillon, A., & Capkun, S. (2012). Analysis of the communication between colluding applications on modern smartphones. In Proceedings of the 28th annual computer security applications conference, ACM (pp. 51---60).
[7]
Schlegel, R., Zhang, K., Zhou, X. Y., Intwala, M., Kapadia, A., & Wang, X. (2011). Soundcomber: A stealthy and context-aware sound trojan for smartphones. In NDSS (Vol. 11, pp. 17---33).
[8]
Enck, W., Ongtang, M., & McDaniel, P. (2009). On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security, ACM (pp. 235---245).
[9]
Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., & Rieck, K. (2014). DREBIN: effective and explainable detection of android malware in your pocket. In 21st annual network and distributed system security symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014, The Internet Society.
[10]
Canfora, G., Lorenzo, A. D., Medvet, E., Mercaldo, F., & Visaggio, C. A. (2015) Effectiveness of opcode ngrams for detection of multi family android malware. In 10th International Conference on Availability, Reliability and Security, ARES 2015, (pp. 333---340). Toulouse, France.
[11]
Dai, G., Ge, J., Cai, M., Xu, D., & Li, W. (2015). Svm-based malware detection for android applications. In Proceedings of the 8th ACM conference on security & privacy in wireless and mobile networks (PP. 33:1---33:2), New York, NY.
[12]
Kate, P. M., & Dhavale, S. V. (2015). Two phase static analysis technique for android malware detection. In Proceedings of the Third International Symposium on Women in Computing and Informatics, WCI 2015, co-located with ICACCI 2015 (PP. 650---655), Kochi.
[13]
Li, Q., & Li, X. (2015). Android malware detection based on static analysis of characteristic tree. In 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2015 (PP. 84---91), Xi'an, China.
[14]
Wang, Z., Li, C., Guan, Y., & Xue, Y. (2015). Droidchain: A novel malware detection method for android based on behavior chain. In: 2015 IEEE Conference on Communications and Network Security, CNS 2015 (PP. 727---728). Florence, Italy.
[15]
Han, H., Chen, Z., Yan, Q., Peng, L., & Zhang, L. (2015). A real-time android malware detection system based on network traffic analysis. In Algorithms and architectures for parallel processing-15th international conference, ICA3PP 2015, Zhangjiajie, China, November 18---20, 2015. Proceedings, Part III. (2015) (pp. 504---516).
[16]
Kim, K., & Choi, M. (2015). Android malware detection using multivariate time-series technique. In 17th Asia-Pacific network operations and management symposium, APNOMS 2015 (pp. 198---202). Busan, South Korea.
[17]
Song, F., & Touili, T. (2014). Model-checking for android malware detection. In Garrigue, J., (ed.) Programming Languages and Systems - 12th Asian Symposium, APLAS 2014 Singapore, November 17-19, 2014, Proceedings. Volume 8858 of Lecture notes in computer science (pp. 216---235). Springer.
[18]
Beaucamps, P., Gnaedig, I., & Marion, J. (2012). Abstraction-based malware analysis using rewriting and model checking. In Foresti, S., Yung, M., & Martinelli, F., (Eds.), Computer security - ESORICS 2012 - 17th European symposium on research in computer security, Pisa, Italy, September 10---12, 2012. Proceedings. Volume 7459 of Lecture Notes in Computer Science (pp. 806---823). Springer.
[19]
Burket, J., Flynn, L., Klieber, W., Lim, J., & Snavely, W. (2015). Making didfail succeed: Enhancing the cert static taint analyzer for android app sets. Technical Report MSU-CSE-00-2, Software Engineering Institute, Carnegie Mellon University, Pittsburgh,USA (March 2015).
[20]
Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., & McDaniel, P. (2014). Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In Proceedings of the 35th ACM SIGPLAN conference on programming language design and implementation, ACM (p. 29).
[21]
Fritz, C., Arzt, S., Rasthofer, S., Bodden, E., Bartel, A., Klein, J., & et al. (2013). Highly precise taint analysis for android applications. EC SPRIDE, TU Darmstadt: Tech. Rep.
[22]
Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., & Le Traon, Y. (2013). Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In: USENIX Security 2013.
[23]
Li, L., Bartel, A., Bissyand, T., Klein, J., Le Traon, Y., Arzt, S., Siegfried, R., Bodden, E., Octeau, D., & Mcdaniel, P. (2015). IccTA: Detecting inter-component privacy leaks in android apps. In: Proceedings of the 37th International Conference on Software Engineering (ICSE 2015).
[24]
Ravitch, T., Creswick, E. R., Tomb, A., Foltzer, A., Elliott, T., Casburn, L. (2014). Multi-app security analysis with fuse: Statically detecting android app collusion. In Proceedings of the 4th program protection and reverse engineering workshop, ACM (p. 4)
[25]
Gordon, M. I., Kim, D., Perkins, J. H., Gilham, L., Nguyen, N., & Rinard, M. C. (2015). Information flow analysis of android applications in droidsafe. In NDSS.
[26]
Chin, E., Felt, A. P., Greenwood, K., & Wagner, D. (2011). Analyzing inter-application communication in android. In Proceedings of the 9th international conference on Mobile systems, applications, and services, ACM (2011) (pp. 239---252).
[27]
Sbirlea, D., Burke, M., Guarnieri, S., Pistoia, M., & Sarkar, V. (2013). Automatic detection of inter-application permission leaks in android applications. IBM Journal of Research and Development, 57(6), 10:1---10:12.
[28]
Maji, A. K., Arshad, F., Bagchi, S., Rellermeyer, J. S., & et al. (2012). An empirical study of the robustness of inter-component communication in android. In Dependable systems and networks (DSN), 2012 42nd annual IEEE/IFIP international conference on (pp. 1---12). IEEE.
[29]
Gasior, W., & Yang, L. (2011). Network covert channels on the android platform. In Proceedings of the seventh annual workshop on cyber security and information intelligence research, ACM (p. 61).
[30]
Gasior, W., & Yang, L. (2012). Exploring covert channel in android platform. In: Cyber Security (CyberSecurity), 2012 International Conference on (pp. 173---177).
[31]
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A. R., & Shastry, B. (2012). Towards taming privilege-escalation attacks on android. In NDSS.
[32]
Ritzdorf, H. (2012). Analyzing covert channels on mobile devices. PhD thesis, ETH Zürich, Department of Computer Science.
[33]
Bagheri, H., Sadeghi, A., Garcia, J., & Malek, S. (2015). Covert: Compositional analysis of android inter-app vulnerabilities. Technical report, Tech. Rep. GMU-CS-TR-2015-1, Department of Computer Science, George Mason University, 4400 University Drive MSN 4A5, Fairfax, VA 22030-4444 USA.
[34]
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B. G., Cox, L. P., et al. (2014). Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2), 5.
[35]
Rasthofer, S., Arzt, S., Lovat, E., & Bodden, E. (2014). Droidforce: Enforcing complex, data-centric, system-wide policies in android. In Availability, Reliability and Security (ARES), 2014 Ninth International Conference on (pp. 40---49). IEEE.
[36]
Klieber, W., Flynn, L., Bhosale, A., Jia, L., & Bauer, L. (2014). Android taint flow analysis for app sets. In Proceedings of the 3rd ACM SIGPLAN international workshop on the state of the art in java program analysis, ACM (pp. 1---6).
[37]
Tax, D. M. (2001). One-class classification. Delft: Delft University of Technology.
[38]
Neyman, J., & Pearson, E. S. (1992). On the problem of the most efficient tests of statistical hypotheses. New York: Springer.
[39]
Kalutarage, H.K., Lee, C., Shaikh, S.A., Sung, F.L.B.: Towards an early warning system for network attacks using bayesian inference. In Cyber security and cloud computing (CSCloud), 2015 IEEE 2nd international conference on. (pp. 399---404).
[40]
Kalutarage, H. K., Shaikh, S. A., Wickramasinghe, I. P., Zhou, Q., & James, A. E. (2015). Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks. Computers and Electrical Engineering, 47, 327---344.
[41]
Peng, H., Gates, C., Sarma, B., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., & Molloy, I. (2012) Using probabilistic generative models for ranking risks of android apps. In: Proceedings of the 2012 ACM conference on Computer and communications security, ACM (pp. 241---252)
[42]
Krishnamoorthy, K. (2015). Handbook of statistical distributions with applications. Boca Raton: CRC Press.
[43]
Sarma, B. P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., & Molloy, I. (2012) Android permissions: A perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, ACM (pp. 13---22).
[44]
Haris, M., Haddadi, H., & Hui, P. (2014) Privacy leakage in mobile computing: Tools, methods, and characteristics. arXiv preprint arXiv:1410.4978
[45]
Elish, K. O., Yao, D., & Ryder, B. G. (2015) On the need of precise inter-app ICC classification for detecting Android malware collusions. In: MoST.
[46]
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., & Sadeghi, A. R. (2011) Xmandroid: A new android evolution to mitigate privilege escalation attacks. Technische Universität Darmstadt, Technical Report TR-2011-04.

Cited By

View all
  • (2023)Android Source Code Vulnerability Detection: A Systematic Literature ReviewACM Computing Surveys10.1145/355697455:9(1-37)Online publication date: 16-Jan-2023
  • (2022)Blackmarket-Driven Collusion on Online Media: A SurveyACM/IMS Transactions on Data Science10.1145/35179312:4(1-37)Online publication date: 17-May-2022
  • (2021)Naive Bayes: applications, variations and vulnerabilities: a review of literature with code snippets for implementationSoft Computing - A Fusion of Foundations, Methodologies and Applications10.1007/s00500-020-05297-625:3(2277-2293)Online publication date: 1-Feb-2021
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Telecommunications Systems
Telecommunications Systems  Volume 66, Issue 3
November 2017
227 pages

Publisher

Kluwer Academic Publishers

United States

Publication History

Published: 01 November 2017

Author Tags

  1. Android security
  2. Apps collusion
  3. Bayesian
  4. Statistical modelling
  5. Threat assessment

Qualifiers

  • Article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)0
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2023)Android Source Code Vulnerability Detection: A Systematic Literature ReviewACM Computing Surveys10.1145/355697455:9(1-37)Online publication date: 16-Jan-2023
  • (2022)Blackmarket-Driven Collusion on Online Media: A SurveyACM/IMS Transactions on Data Science10.1145/35179312:4(1-37)Online publication date: 17-May-2022
  • (2021)Naive Bayes: applications, variations and vulnerabilities: a review of literature with code snippets for implementationSoft Computing - A Fusion of Foundations, Methodologies and Applications10.1007/s00500-020-05297-625:3(2277-2293)Online publication date: 1-Feb-2021
  • (2020)Pleasure or pain? An evaluation of the costs and utilities of bloatware applications in android smartphonesJournal of Network and Computer Applications10.1016/j.jnca.2020.102578157:COnline publication date: 1-Jul-2020

View Options

View options

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media