Journal on Communications ›› 2018, Vol. 39 ›› Issue (6): 27-36. doi: 10.11959/j.issn.1000-436x.2018095
Hongyu YANG, Zaiming WANG
Revised: 2018-01-03
Online: 2018-06-01
Published: 2018-07-09
Hongyu YANG, Zaiming WANG. Android collusion attack detection model[J]. Journal on Communications, 2018, 39(6): 27-36.
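Symbol | Description | Symbol | Description | Symbol | Description |
Λ | Application dataset | Lτ | Classification threshold | Wi | Permission of an application |
? | Set of colluding application pairs | Lcom | Communication decision value | C | Colluding application |
P(C|Wi) | Conditional probability that an application with permission Wi is a colluding application | P(C) | Probability that a colluding application exists among the applications | H | Non-colluding application |
P(Wi|C) | Probability that permission Wi appears in colluding applications | P(H) | Probability of non-colluding applications among the applications | P(Wi|H) | Probability that permission Wi appears in non-colluding applications |
G | Finite state machine | Q | Non-empty finite set of all component states of the application | Σ | Input alphabet (non-empty finite set of symbols) |
q0 | An initial state of a component | δ | State transition function | F | Set of accepting (final) states |
A | Application | α | Set of Activities components | β | Set of Services components in A |
γ | Set of Broadcast Receivers components in A | ξ | Intent-related API calls in A | ζ(ξ) | Set of all action strings in ξ |
V | Vertex set of the graph | S(ξ) | Set of components in ξ that send Intents to pass information | T(ξ) | Set of components that receive Intents to process information |
E | Edge set of the graph | G(V,E) | Graph representation of the application | Gu=(V,E) | Fused representation of the application graphs |
ξi | API call of an Intent | S(ξk) | Set of components in ξk that send and receive Intents | Gd=(Vd,Ed) | Representation of the fused application graph after optimization |
Ed | Edges of the fused graph | Vd | Vertices of the fused graph | M | State machine |
TP | True positive | FP | False positive | TN | True negative |
FN | False negative | TPR | True positive rate | FPR | False positive rate |
ACC | Accuracy | ERR | Error rate |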
Permission name | Probability in colluding applications (rank) | Probability in non-colluding applications (rank) |
INTERNET | 95(1) | 84(1) |
ACCESS_NETWORK_STATE | 92(2) | 78(2) |
READ_PHONE_STATE | 89(3) | 82(5) |
WRITE_EXTERNAL_STORAGE | 84(4) | 65(3) |
ACCESS_WIFI_STATE | 80(5) | 42(6) |
WAKE_LOCK | 75(6) | 58(4) |
ACCESS_COARSE_LOCATION | 73(7) | 30(10) |
ACCESS_FINE_LOCATION | 70(8) | 36(9) |
RECEIVE_BOOT_COMPLETED | 63(9) | 46(7) |
VIBRATE | 60(10) | 39(8) |
Detection environment | Sample | Amandroid | COVERT | DroidSafe | Model in this paper |
 | 1 | N/A | Y | Y | N/A |
 | 2 | Y | N/A | Y | Y |
 | 3 | N | N/A | N | Y |
 | 4 | Y | N/A | N | Y |
DroidBench | 5 | Y | N/A | Y | Y |
 | 6 | Y | N/A | N | N/A |
 | 7 | N | N/A | N | Y |
 | 8 | N/A | N/A | N | Y |
 | 9 | N/A | N/A | Y | Y |
 | 10 | Y | Y | Y | Y |
 | 11 | Y | N/A | N | Y |
 | 12 | N/A | N/A | Y | Y |
 | 13 | Y | N/A | Y | Y |
 | 14 | N | N/A | Y | Y |
ICC-Bench | 15 | Y | N/A | Y | Y |
 | 16 | Y | N/A | Y | Y |
 | 17 | N/A | Y | N/A | Y |
 | 18 | Y | Y | Y | Y |
 | 19 | Y | N/A | Y | Y |
 | 20 | Y | N | Y | Y |