Communication-Based Attacks Detection in Android Applications

Chuan Ma; Tao Wang; Limin Shen; Dongkui Liang; Shuping Chen; Dianlong You

doi:10.26599/TST.2018.9010133

AI Chat Paper

Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.

Chat more with AI

| Sign up

Browse by Subject

Search for peer-reviewed journals with full access.

Journals A - Z

About Us

Discover the SciOpen Platform and Achieve Your Research Goals with Ease.

About Us

Publish with Us

Support

Journals A - Z

About Us

Publish with Us

Support

PDF (1.6 MB)

Cite

EndNote(RIS) BibTeX

Collect

Submit Manuscript

AI Chat Paper

Show Outline

Outline

Show full outline

Hide outline

Outline

Show full outline

Hide outline

Open Access

Communication-Based Attacks Detection in Android Applications

Chuan Ma, Tao Wang(

), Limin Shen(

), Dongkui Liang, Shuping Chen, Dianlong You

School of Information Science and Engineering, Yanshan University, the Key Laboratory for Computer Virtual Technology and System Integration of Hebei Province, Qinhuangdao 066004, China.

School of Business Administration, Hebei Normal University of Science and Technology, Qinhuangdao 066004, China.

Library of Yanshan University, Yanshan University, Qinhuangdao 066004, China.

Show Author Information

Abstract

The Android operating system provides a rich Inter-Component Communication (ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly, we generate data flow graphs and data facts for each component through component-level data flow analysis. Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly, the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communication-based attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency, and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.

Keywords

Android inter-component communication intents component hijacking attack detection

References

[1]

IDC, Smartphone market share,https://www.idc.com/promo/smartphone-market-share/os, 2018.

[2]

L. Davi, A. Dmitrienko, A. R. Sadeghi, and M. Winandy, Privilege escalation attacks on android, in Proc. 13th Int. Conf. Information Security, Boca Raton, FL, USA, 2010, pp. 346-360.

Crossref

[3]

E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, Analyzing inter-application communication in android, in Proc. 9th Int. Conf. Mobile Systems, Applications, and Services, Bethesda, MD, USA, 2011, pp. 239-252.

Crossref

[4]

A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, Permission re-delegation: Attacks and defenses, in Proc. 20th USENIX Conf. Security, San Francisco, CA, USA, 2011, pp. 19-31.

[5]

Y. J. Zhou and X. X. Jiang, Detecting passive content leaks and pollution in android applications, in Proc. 20th Network and Distributed System Security Symp., San Diego, CA, USA, 2013, pp. 434-443.

[6]

L. Lu, Z. C. Li, Z. Y. Wu, W. Lee, and G. F. Jiang, CHEX: Statically vetting android apps for component hijacking vulnerabilities, in Proc. 2012 ACM Conf. Computer and Communications Security, Raleigh, NC, USA, 2012, pp. 229-240.

Crossref

[7]

Z. R. Fang, W. L. Han, D. Li, Z. Q. Guo, D. H. Guo, X. S. Wang, Z. Y. Qian, and H. Chen, revDroid: Code analysis of the side effects after dynamic permission revocation of android apps, in Proc. 11th ACM on Asia Conf. Computer and Communications Security, Xi’an, China, 2016, pp.747-758.

Crossref

[8]

Y. J. Hu and I. Neamtiu, Static detection of event-based races in android apps, in Proc. 23rd Int. Conf. Architectural Support for Programming Languages and Operating Systems, Williamsburg, VA, USA, 2018, pp. 257-270.

Crossref

[9]

W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, A study of android application security, in Proc. 20th USENIX Conf. Security, San Francisco, CA, USA, 2011, pp. 64-80.

[10]

K. Fan, H. Li, W. Jiang, C. S. Xiao, and Y. T. Yang, Secure authentication protocol for mobile payment. Tsinghua Sci. Technol., vol. 23, no. 5, pp. 610-620, 2018.

Crossref Google Scholar

[11]

S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bodden, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps, in Proc. 35th ACM SIGPLAN Conf. Programming Language Design and Implementation, vol. 49, no. 6, pp. 259-269, 2014.

Crossref

[12]

C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein, Y. le Traon, D. Octeau, and P. McDaniel, Highly precise taint analysis for Android applications, Tech. Rep. Nr. TUD-CS-2013-0113, Technische Universitat Darmstadt, Darmstadt, Germany, 2013.

[13]

R. Vallée-Rai, E. Gagnon, L. Hendren, P. Lam, P. Pominville, and V. Sundaresan, Optimizing Java bytecode using the Soot framework: Is it feasible? in Proc. 9th Int. Conf. Compiler Construction, Berlin, Germany, 2000, pp. 18-34.

Crossref

[14]

M. Sagiv, T. Reps, and S. Horwitz, Precise interprocedural dataflow analysis with applications to constant propagation, Theor. Comput. Sci., vol. 167, nos. 1&2, pp. 131-170, 1996.

Crossref Google Scholar

[15]

T. Reps, S. Horwitz, and M. Sagiv, Precise interprocedural dataflow analysis via graph reachability, in Proc. 22nd ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, San Francisco, CA, USA, 1995, pp. 49-61.

Crossref

[16]

D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon, Effective inter-component communication mapping in Android with Epicc: An essential step towards holistic security analysis, in Proc. 22nd USENIX Conf. Security, Washington, DC, USA, 2013, pp. 543-558.

[17]

M. C. Grace, W. Zhou, X. X. Jiang, and A. R. Sadeghi, Unsafe exposure analysis of mobile in-app advertisements, in Proc. 5th ACM Conf. Security and Privacy in Wireless and Mobile Networks, Tucson, AZ, USA, 2012, pp. 101-112.

Crossref

[18]

F. G. Wei, S. Roy, X. M. Ou, and Robby, Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps, in Proc. 2014 ACM SIGSAC Conf. Computer and Communications Security, Scottsdale, AZ, USA, 2014, pp. 1329-1341.

Crossref

[19]

W. Enck, P. Gilbert, S. Han, V. Tendulkar, B. G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones, ACM Trans. Comput. Syst., vol. 32, no. 2, p. 5, 2014.

Crossref Google Scholar

[20]

P. Gilbert, B. G. Chun, L. P. Cox, and J. Jung, Vision: Automated security validation of mobile apps at app markets, in Proc. 2nd Int. Workshop on Mobile Cloud Computing and Services, Bethesda, MD, USA, 2011, pp. 21-26.

Crossref

[21]

C. Zheng, S. X. Zhu, S. F. Dai, G. F. Gu, X. R. Gong, X. H. Han, and W. Zou, SmartDroid: An automatic system for revealing UI-based trigger conditions in android applications, in Proc. 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, Raleigh, NC, USA, 2012, pp.93-104.

Crossref

[22]

W. Klieber, L. Flynn, A. Bhosale, L. M. Jia, and L. Bauer, Android taint flow analysis for app sets, in Proc. 3rd ACM SIGPLAN Int. Workshop on the State of the Art in Java Program Analysis, Edinburgh, UK, 2014, pp. 1-6.

Crossref

[23]

L. Wu, M. Grace, Y. J. Zhou, C. Wu, and X. X. Jiang, The impact of vendor customizations on android security, in Proc. 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, Germany, 2013, pp. 623-634.

Crossref

[24]

M. Zhang and H. Yin, AppSealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in android applications, in Proc. 21st Annu. Network and Distributed System Security Symp., San Diego, CA, USA, 2014, pp. 1-15.

Crossref

[25]

H. Bagheri, A. Sadeghi, R. Jabbarvand, and S. Malek, Automated dynamic enforcement of synthesized security policies in Android, Tech. Rep. GMU-CS-TR-2015-5, George Mason University, Fairfax, VA, USA, 2015.

[26]

K. O. Elish, D. D. Yao, and B. G. Ryder, On the need of precise inter-app ICC classification for detecting android malware collusions, in Proc. IEEE Mobile Security Technologies, San Jose, CA, USA, 2015.

[27]

H. Bagheri, A. Sadeghi, J. Garcia, and S. Malek, COVERT: Compositional analysis of Android inter-app vulnerabilities, Tech. Rep. GMU-CS-TR-2015-1, George Mason University, Fairfax, VA, USA, 2015.

Crossref

[28]

F. Nielson, H. R. Nielson, and C. Hankin, Principles of Program Analysis. Springer, 2015.

Google Scholar

Tsinghua Science and Technology

Volume 24 Issue 5,
October 2019

Pages 596-614

DOI: 10.26599/TST.2018.9010133

Cite this article:

Ma C, Wang T, Shen L, et al. Communication-Based Attacks Detection in Android Applications. Tsinghua Science and Technology, 2019, 24(5): 596-614. https://doi.org/10.26599/TST.2018.9010133

770

Views

Downloads

Crossref

N/A

Web of Science

Scopus

CSCD

Google Scholar
Citation

Altmetrics

Received: 17 October 2018

Accepted: 10 November 2018

Published: 29 April 2019