Android共谋攻击检测模型

doi:10.11959/j.issn.1000-436x.2018095

Abstract

Abstract:

In order to solve the problem of poor efficiency and low accuracy of Android collusion detection,an Android collusion attack model based on component communication was proposed.Firstly,the feature vector set was extracted from the known applications and the feature vector set was generated.Secondly,the security policy rule set was generated through training and classifying the privilege feature set.Then,the component communication finite state machine according to the component and communication mode feature vector set was generated,and security policy rule set was optimized.Finally,a new state machine was generated by extracting the unknown application’s feature vector set,and the optimized security policy rule set was matched to detect privilege collusion attacks.The experimental results show that the proposed model has better detective efficiency and higher accuracy.

Key words: Android security, collusion attack, component communication, security policy rule set, finite state machine

CLC Number:

TP309.7

Hongyu YANG,Zaiming WANG. Android collusion attack detection model[J]. Journal on Communications, 2018, 39(6): 27-36.

Figures/Tables 13

References 24

[1]	McaAfee Research Institute. . McAfee labs threats report[R]. 2016: 1-53.
[2]	FELT A P , WANG H J , MOSHCHUK A ,et al. Permission re-delegation:attacks and defenses[C]// USENIX Security Symposium. 2011: 30-31.
[3]	WU L , DU X , ZHANG H . An effective access control scheme for preventing permission leak in Android[C]// 2015 International Computing,Networking and Communications Conference. 2015: 57-61.
[4]	BLASCO J , CHEN T M . Automated generation of colluding apps for experimental research[J]. Journal of Computer Virology and Hacking Techniques, 2017,36(17): 1-12.
[5]	ARZT S , RASTHOFER S , FRITZ C ,et al. Flowdroid:Precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for android apps[J]. ACM Sigplan Notices, 2014,49(6): 259-269.
[6]	ASAVOAE I M , NGUYEN H N , ROGGENBACH M ,et al. Utilising semantics for collusion detection in Android applications[C]// International Workshop on Formal Methods for Industrial Critical Systems. 2016: 142-149.
[7]	BOSU A , LIU F , YAO D ,et al. Collusive data leak and more:Large-scale threat analysis of inter-app communications[C]// 2017 ACM Conference on Computer and Communications Security. 2017: 71-85.
[8]	WEI F , ROY S , OU X . Amandroid:a precise and general inter-component data flow analysis framework for security vetting of android apps[C]// 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 1329-1341.
[9]	LI L , BARTEL A , BISSYANDE T F ,et al. ApkCombiner:combining multiple android appsto support inter-app analysis[C]// IFIP International Information Security Conference. 2015: 513-527.
[10]	SCHLEGEL R , ZHANG K , ZHOU X ,et al. Soundcomber:a stealthy and context-aware sound trojan for smartphones[C]// The 2015 Network and Distributed System Security Conference. 2011: 17-33.
[11]	BARTEL A , KLEIN J , LE TRAON Y ,et al. Automatically securing permission-based software by reducing the attack surface:An application to android[C]// The 27th ACM International Conference on Automated Software Engineering. 2012: 274-277.
[12]	SADEGHI A , BAGHERI H , MALEK S . Analysis of android inter-app security vulnerabilities using COVERT[C]// The 37th IEEE International Conference on Software Engineering. 2015: 725-728.
[13]	MERCALDO F , VISAGGIO C A , CANFORA G ,et al. Mobile malware detection in the real world[C]// ACM International Conference on Software Engineering. 2016: 744-746.
[14]	KALUTARAGE H K , LEE C , SHAIKH S A ,et al. Towards an early warning system for net work attacks using bayesian inference[C]// 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing. 2015: 399-404.
[15]	SCHAPIRE R E . Explaining adaboost[M]. Berlin,Germany: Springer-VerlagPress, 2013: 37-52.
[16]	GILL A . Introduction to the theory of finite-state machines[J]. Mathematics of Computation, 1964,92(29): 63-74.
[17]	MCLLROY S , ALI N , HASSAN A E . Fresh apps:an empirical study of frequently-updated mobile apps in the Google play store[J]. Empirical Software Engineering, 2016,21(3): 1346-1370.
[18]	CHO T , KIM H , LEE J ,et al. A scheme for identifying malicious applications based on API characteristics[J]. Journal of the Korea Institute of Information Security and Cryptology, 2016,26(1): 187-196.
[19]	KIM H , CHO T , AHN G J ,et al. Risk assessment of mobile applications based on machine learned malware dataset[J]. Multimedia Tools and Applications, 2017,35(23): 1-16.
[20]	AGRAWAL A , SIMON G , KARSAI G . Semantic translation of Simulink/Stateflow models to hybrid automata using graph transformations[J]. Electronic Notes in Theoretical Computer Science, 2004,109(11): 43-56.
[21]	DHAVALE S , LOKHANDE B . Comnoid:information leakage detection using data flow analysis on Android devices[J]. International Journal of Computer Applications, 2016,134(7): 1-18.
[22]	OCTEAU D , LUCHAUP D , DERING M ,et al. Composite constant propagation:application to android inter-component communication analysis[C]// The 37th International Conference on Software. 2015: 77-88.
[23]	BOSU A , LIU F , YAO D D ,et al. Collusive data leak and more:large-scale threat analysis of inter-app communications[C]// The 2017 ACM on Asia Conference on Computer and Communications Security. 2017: 71-85.
[24]	GORDON M I , KIM D , PERKINS J H ,et al. Information flow analysis of Android applications in DroidSafe[C]// 2015 Network and Distributed System Security Conference. 2015: 1-16.

Metrics

Recommended 0

No Suggested Reading articles found!

符号	说明	符号	说明	符号	说明
Λ	应用数据集	L_τ	分类阈值	W_i	应用的权限
?	共谋应用对集合	L_com	通信判定值	C	共谋应用
P(C\|W_i)	出现权限W_i的应用是共谋应用的条件概率	P(C)	应用中存在共谋应用的概率	H	非共谋应用
P(W_i\|C)	共谋应用中权限W_i出现的概率	P(H)	应用中非共谋应用的概率	P(W_i\|H)	非共谋应用中权限 W_i出现的概率
G	有限状态机	Q	应用所有组件状态的非空有限集合	Σ	输入字符表（符号的非空有限集合）
q₀	组件某一初始状态	δ	状态转移函数	F	接受（最终）状态集合
A	应用	α	Activities组件的集合	β	A中Services组件的集合
γ	A中Broadcast Receivers组件集合	ξ	A中与Intent相关的API调用	ζ(ξ)	ξ中所有操作字符串的集合
V	图的点集合	S(ξ)	ξ中发送Intent传递信息的组件集	T(ξ)	接收Intent处理信息的组件集
E	图的边集合	G(V,E)	应用的图表示	G^u=(V,E)	应用图的融合表示
ξ_i	Intent的API调用	S(ξ_k)	ξ_k中发送和接收Intent的组件集		G^d=(V^d,E^d) 应用融合图优化后表示
E^d	融合图的边	V^d	融合图的点	M	状态机
TP	真正	FP	误报	TN	真负
FN	漏报	TPR	真正率	FPR	误报率
ACC	准确率	ERR	差错率

权限名称	共谋应用概率(排名)	非共谋应用概率(排名)
INTERNET	95(1)	84(1)
ACCESS_NETWORK_STATE	92(2)	78(2)
READ_PHONE_STATE	89(3)	82(5)
WRITE_EXTERNAL_STORAGE	84(4)	65(3)
ACCESS_WIFI_STATE	80(5)	42(6)
WAKE_LOCK	75(6)	58(4)
ACCESS_COARSE_LOCATION	73(7)	30(10)
ACCESS_FINE_LOCATION	70(8)	36(9)
RECEIVE_BOOT_COMPLETED	63 (9)	46(7)
VIBRATE	60(10)	39(8)

检测工具	DroidBench			共谋样本APP
检测工具	失败/个	Intent传递/个	耗时/s	失败/个	Intent传递/个	耗时/s
IC3工具	0	850	1 600	20	3 145	6 300
本文模型	0	1 030	1 450	5	4 029	6 090

检测环境	样本	Amandroid	COVERT	DroidSafe	本文模型
	1	N/A	Y	Y	N/A
	2	Y	N/A	Y	Y
	3	N	N/A	N	Y
	4	Y	N/A	N	Y
DroidBench	5	Y	N/A	Y	Y
	6	Y	N/A	N	N/A
	7	N	N/A	N	Y
	8	N/A	N/A	N	Y
	9	N/A	N/A	Y	Y
	10	Y	Y	Y	Y
	11	Y	N/A	N	Y
	12	N/A	N/A	Y	Y
	13	Y	N/A	Y	Y
	14	N	N/A	Y	Y
ICC-Bench	15	Y	N/A	Y	Y
	16	Y	N/A	Y	Y
	17	N/A	Y	N/A	Y
	18	Y	Y	Y	Y
	19	Y	N/A	Y	Y
	20	Y	N	Y	Y

Android collusion attack detection model

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 24

Related Articles 15

Metrics

Recommended 0

[1]	Youliang TIAN, Maoqing TIAN, Hongfeng GAO, Miao HE, Jinbo XIONG. Cooperation-based location authentication scheme for crowdsensing applications [J]. Journal on Communications, 2022, 43(9): 121-133.
[2]	Xiaodong FU, Xinxin QI, Li LIU, Wei PENG, Jiaman DING, Fei DAI. Detecting and preventing collusion attack in DPoS based on power index [J]. Journal on Communications, 2022, 43(12): 123-133.
[3]	Yubo SONG, Qi CHEN, Rui SONG, Aiqun HU. Android application privacy protection mechanism based on virtual machine bytecode injection [J]. Journal on Communications, 2021, 42(6): 171-181.
[4]	Shichang XUAN, Hao TANG, Wu YANG. Method for detecting collusion attack node in road condition information sharing based on reputation point [J]. Journal on Communications, 2021, 42(4): 158-168.
[5]	Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment [J]. Journal on Communications, 2019, 40(5): 47-56.
[6]	Xiao-dong YANG,Miao-miao YANG,Guo-juan GAO,Ya-nan LI,Xiao-yong LU,Cai-fen WANG. ID-based server-aided verification signature scheme with strong unforgeability [J]. Journal on Communications, 2016, 37(6): 49-55.
[7]	. Dynamic situation gateway based systemcooperation access gatel model [J]. Journal on Communications, 2013, 34(Z1): 18-147.
[8]	Shu-hang GUO,Yu ZHANG. Dynamic situation gateway based system cooperation access gatel model [J]. Journal on Communications, 2013, 34(Z1): 142-147.
[9]	Jiu-xin CAO,Jiang-lin WU,Guo-jin WANG,Bo LIU,Peng-wei YANG,Dan DONG. Alloy-based verification of Web service composition [J]. Journal on Communications, 2012, 33(Z2): 1-8.
[10]	Bo XU,Ming CHEN,Xiang-lin WEI. Hidden Markov model based P2P flow identification technique [J]. Journal on Communications, 2012, 33(6): 55-63.
[11]	Lei XIE,Jiao-long WEI,Guang-xi ZHU. Improved FSM-based method for protocol conformance testing [J]. Journal on Communications, 2011, 32(6): 172-176.
[12]	Shao-hui LIU,Lu HAN,Hong-xun YAO. Video watermarking algorithm for resisting collusion attacks [J]. Journal on Communications, 2010, 31(1): 14-19.
[13]	Wei WANG,Wen-hong ZHAO,Feng-hua LI,Jian-feng MA. EBS-based efficient and secure group key management in wireless sensor networks [J]. Journal on Communications, 2009, 30(9): 76-82.
[14]	Xiao-nian TONG,Xing-ya AN,Xiao-pang LAN,Jiang-qing WANG. Research and implement of embedded wireless mobile communication system [J]. Journal on Communications, 2008, 29(1): 121-124.
[15]	Xue-gang LIN,Rong-sheng XU. Research on analysis model of information systems survivability [J]. Journal on Communications, 2006, 27(2): 153-159.