Additional Kernel Observer to Prevent Privilege Escalation Attacks by Focusing on System Call Privilege Changes

Yamauchi, Toshihiro; Akao, Yohei; Yoshitani, Ryota; Nakamura, Yūichi; Hashimoto, Masaki

doi:10.1109/desec.2018.8625137

Cited by 9 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some researchers have therefore conducted more in-depth research on privilege escalation attacks. In [32,33], tracking tainted information and monitoring permission information were used to protect and detect the kernel-level privilege escalation attack. Two types of attacks on the application layer are confused deputy attacks and collusion attacks.…”

Section: Privilege Escalation Detection Methodmentioning

confidence: 99%

Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications

Shen

Wang³

et al. 2020

Mobile Information Systems

View full text Add to dashboard Cite

This study proposed an application behavior-detection method based on multifeature and process algebra for detecting privilege escalation attacks in Android applications. The five features of application that constituted the attack were determined through an analysis of the privilege escalation attack model. On the basis of the extraction of multiple features, process algebra was used to build the application-behavior model and the attack model. Strong equivalence relation was used to verify the application behavior. Finally, dataflow path detection is conducted among the applications that can constitute privilege escalation attacks to determine those apps constituted a privilege escalation attack. The accuracy and effectiveness of the proposed method were verified using the DroidBench benchmark test and the test set that includes 55 APKs of 22 types.

show abstract

Section: Privilege Escalation Detection Methodmentioning

confidence: 99%

Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications

Shen

Wang³

et al. 2020

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…By providing comprehensive data that truly depicts user typing behavior, ML models can be trained to recognize authorized users. This is especially important given the increasing prevalence of cyberattacks, which often rely on password cracking and unauthorized access [8] . This dataset serves as a valuable resource for researchers and developers across different fields including biometric authentication, security, and behavioral research.…”

Section: Objectivementioning

confidence: 99%

KeyRecs: A keystroke dynamics and typing pattern recognition dataset

Dias,

Vitorino,

Maia

et al. 2023

Data in Brief

View full text Add to dashboard Cite

“…erefore, scholars have also proposed many theories and methods for better detection and protection. For the kernel-level privilege escalation attacks, scholars have enhanced the access control framework and monitored the permission information and other methods to prevent attacks [18,19]. For the application-layer collusion attack discussed in this paper, the authors of [7,[20][21][22][23] proposed extended forced access strategy, monitoring system calls, and restricting dangerous interapplication communication to prevent the attacks.…”

Section: Related Workmentioning

confidence: 99%

“…According to the definition of weak simulation, the state set P of the component is composed of the state sets similar to the left and right sides of formula (19). Let P and P′ are the behavior state set, Q and Q′ are the attack behavior state set, and the attack behavior state set of components must be included in the behavior state set.…”

Section: Equivalence Relationship Verificationmentioning

confidence: 99%

Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

Shen

Wang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

To solve the issue of measuring the risk of the application-layer collusion privilege escalation attacks in Android apps, this paper proposed a risk measurement method based on the feature weight and behavior determination. Analytic hierarchy process (AHP) is used to calculate the weight of feature in the feature set extracted from the app. App behavior and attack behavior are modeled by process algebra. The weak equivalent and nonequivalent are introduced to determine the behavior of apps, whereas the measurement function is constructed to calculate the app risk measurement value. In an experiment with three known apps, the measurement values are 0.629, 1, and 0.976. These results are consistent with reality, and the effectiveness and feasibility of the proposed method are verified. Through the benchmark and test set experiments, it can be seen that the measurement value of apps that has weak equivalent to attack behavior is distributed between 0.0468 and 1, and the measurement value distribution is reasonable, which verifies the accuracy and rationality of the method.

show abstract

Additional Kernel Observer to Prevent Privilege Escalation Attacks by Focusing on System Call Privilege Changes

Cited by 9 publications

References 12 publications

Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications

Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications

KeyRecs: A keystroke dynamics and typing pattern recognition dataset

Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

Contact Info

Product

Resources

About