Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications

Shen, Limin; Li, Hui; Wang, Hongyi; Wang, Yihuan

doi:10.1155/2020/3407437

Cited by 8 publications

(5 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e results of the equivalence relationship are consistent with the conclusions of [20,47]. e risk measurement is carried out for the APK with weak equivalence relationship in Table 16 using this proposed method.…”

Section: Validity Analysissupporting

confidence: 83%

Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

Shen

Wang

et al. 2021

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

To solve the issue of measuring the risk of the application-layer collusion privilege escalation attacks in Android apps, this paper proposed a risk measurement method based on the feature weight and behavior determination. Analytic hierarchy process (AHP) is used to calculate the weight of feature in the feature set extracted from the app. App behavior and attack behavior are modeled by process algebra. The weak equivalent and nonequivalent are introduced to determine the behavior of apps, whereas the measurement function is constructed to calculate the app risk measurement value. In an experiment with three known apps, the measurement values are 0.629, 1, and 0.976. These results are consistent with reality, and the effectiveness and feasibility of the proposed method are verified. Through the benchmark and test set experiments, it can be seen that the measurement value of apps that has weak equivalent to attack behavior is distributed between 0.0468 and 1, and the measurement value distribution is reasonable, which verifies the accuracy and rationality of the method.

show abstract

Section: Validity Analysissupporting

confidence: 83%

Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

Shen

Wang

et al. 2021

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…Due to these open ports, the device becomes vulnerable to cyberattacks such as security misconfiguration, SQL injection, and cross-site scripting [186]. The attacker can exploit any vulnerability present to deceive the user into controlling the application level [187].…”

Section: Android Application Layer Attackmentioning

confidence: 99%

Smartphone Security and Privacy: A Survey on APTs, Sensor-Based Attacks, Side-Channel Attacks, Google Play Attacks, and Defenses

et al. 2023

View full text Add to dashboard Cite

There is an exponential rise in the use of smartphones in government and private institutions due to business dependencies such as communication, virtual meetings, and access to global information. These smartphones are an attractive target for cybercriminals and are one of the leading causes of cyber espionage and sabotage. A large number of sophisticated malware attacks as well as advanced persistent threats (APTs) have been launched on smartphone users. These attacks are becoming significantly more complex, sophisticated, persistent, and undetected for extended periods. Traditionally, devices are targeted by exploiting a vulnerability in the operating system (OS) or device sensors. Nevertheless, there is a rise in APTs, side-channel attacks, sensor-based attacks, and attacks launched through the Google Play Store. Previous research contributions have lacked contemporary threats, and some have proven ineffective against the latest variants of the mobile operating system. In this paper, we conducted an extensive survey of papers over the last 15 years (2009–2023), covering vulnerabilities, contemporary threats, and corresponding defenses. The research highlights APTs, classifies malware variants, defines how sensors are exploited, visualizes multiple ways that side-channel attacks are launched, and provides a comprehensive list of malware families that spread through the Google Play Store. In addition, the research provides details on threat defense solutions, such as malware detection tools and techniques presented in the last decade. Finally, it highlights open issues and identifies the research gap that needs to be addressed to meet the challenges of next-generation smartphones.

show abstract

“…Jia et al [39] proposed a formal model for Android components based on process algebra, aiding developers in implementing least permission. Shen et al [40] proposed a behavior detection method based on function and process algebra for the detection of privilege escalation attacks in Android Apps. To describe the interactions between Apps, [41] proposed a formal interoperability semantic to help understand and infer Android interoperations.…”

Section: Related Workmentioning

confidence: 99%

“…MWB (Mobility Workbench) is a tool for manipulating and analyzing mobile concurrent systems described in π-calculus or CCS. In [40], MWB was used to analyze formal expressions of application behavior to help detect collusion attacks.…”

Section: Related Workmentioning

confidence: 99%

A Formal Method for Description and Decision of Android Apps Behavior Based on Process Algebra

et al. 2022

Self Cite

View full text Add to dashboard Cite

Android is the most popular mobile platform, and it has become a primary malware target. Existing behavior-based Android malware detection methods suffer from false positive and false negative problems, which lead to low detection accuracy. Formal theory is crucial in studying the behaviors of Android applications characterized by high concurrency, interaction, and mobility. However, existing formal methods mainly focus on specific issues and lack the essential abstraction and high-level description of application behavior. In this study, we propose a formal method for the description and decision of application behavior based on process algebra. First, we propose a formal method for describing application behavior at a component level using process algebra. By extending π-calculus theory, we establish the mapping relationship from the Android application to process algebra, and present the semantics and evolution rules of behavior based on process algebra. Second, we describe the behavior of four types of components in applications and characterize concurrent interactions of components using process algebra expressions. Third, we define the behavior equivalence and simulation mechanism for application behavior analysis and propose the decision rules based on weak simulation. Finally, we discuss a demonstration case, which includes malicious behavior, to demonstrate the feasibility and effectiveness of the proposed method. The results show that our method can accurately describe and analyze application behavior, which provides theoretical support for technologies and methods of behavior-based detection.

show abstract

Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications

Cited by 8 publications

References 30 publications

Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

Smartphone Security and Privacy: A Survey on APTs, Sensor-Based Attacks, Side-Channel Attacks, Google Play Attacks, and Defenses

A Formal Method for Description and Decision of Android Apps Behavior Based on Process Algebra

Contact Info

Product

Resources

About