Risk Measurement Method for Privilege Escalation Attacks on Android Apps Based on Process Algebra

Abstract: On the Android platform, information leakage can use an application-layer privilege escalation attack composed of multi-app collusion. However, the detection effect of a single app that can construct privilege escalation attacks is not good. Furthermore, the existing software and app measurement methods are not applicable to the measurement of collusion privilege escalation attacks. We propose a method for measuring the risk of a single app by using process algebra to model and determine the attack behavior, a… Show more

“…From the comparison between Figures 5(b) and 6, it can be seen that the measurement value of weak equivalent APKs to attack behavior is in range from 0.0468 to 1 by using the proposed method. And, the measurement value is distributed between 0.8647 and 1 by using the method in reference [45]. erefore, the measurement value distribution of the proposed method is more reasonable.…”

“…(1) e distribution of measurement values in our method is more reasonable, which can better reflect the actual risk degree of apps. e measurement results of reference [45] are concentrated between 0.9975 and 0.9999, and the distribution is relatively concentrated, which cannot better distinguish the dangerous degree of these high-risk apps.…”

“…Table 11 shows the AF sets of each test object obtained by this method, the equivalence relationship, i,j V i * W j , and the measurement results, where T represents the existence of the feature and F represents no-existence. At the same time, the method proposed in reference [45] is used to measure the test objects, and the measurement results are shown in Table 11.…”

“…In this method, sensitive data transition is added to the attack behavior feature set as attack behavior feature, which ensures the consistency of risk measurement value of the app with the same attack behavior features. However, in reference [45], the sensitive data transition was not considered in attack behavior feature set, but sensitive data transition was taken as a parameter in the measurement function so that it has the same attack behavior features but different measurement results, for example, the measurement results of objectsensitivity 1 and objectsensitivity 2 in Table 11. (3) Both methods ensure the effective measurement of the high-risk app.…”

“…e risk measurement is carried out for the APK with weak equivalence relationship in Table 16 using this proposed method. Figure 5 e method proposed in reference [45] is used to measure those 39 APKs, and the measurement results are shown in Figure 6. e measurement values are mainly concentrated in the range of 0.8647-1.…”

Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

“…From the comparison between Figures 5(b) and 6, it can be seen that the measurement value of weak equivalent APKs to attack behavior is in range from 0.0468 to 1 by using the proposed method. And, the measurement value is distributed between 0.8647 and 1 by using the method in reference [45]. erefore, the measurement value distribution of the proposed method is more reasonable.…”

“…(1) e distribution of measurement values in our method is more reasonable, which can better reflect the actual risk degree of apps. e measurement results of reference [45] are concentrated between 0.9975 and 0.9999, and the distribution is relatively concentrated, which cannot better distinguish the dangerous degree of these high-risk apps.…”

“…Table 11 shows the AF sets of each test object obtained by this method, the equivalence relationship, i,j V i * W j , and the measurement results, where T represents the existence of the feature and F represents no-existence. At the same time, the method proposed in reference [45] is used to measure the test objects, and the measurement results are shown in Table 11.…”

“…In this method, sensitive data transition is added to the attack behavior feature set as attack behavior feature, which ensures the consistency of risk measurement value of the app with the same attack behavior features. However, in reference [45], the sensitive data transition was not considered in attack behavior feature set, but sensitive data transition was taken as a parameter in the measurement function so that it has the same attack behavior features but different measurement results, for example, the measurement results of objectsensitivity 1 and objectsensitivity 2 in Table 11. (3) Both methods ensure the effective measurement of the high-risk app.…”

“…e risk measurement is carried out for the APK with weak equivalence relationship in Table 16 using this proposed method. Figure 5 e method proposed in reference [45] is used to measure those 39 APKs, and the measurement results are shown in Figure 6. e measurement values are mainly concentrated in the range of 0.8647-1.…”

Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

A Multi-Scenario Model Fusion and Verification Method for Digital Twin Machine Tool

Estimate Risks Eate for Android Applications Using Android Permissions