article

Towards a threat assessment framework for apps collusion

Authors:

Harsha Kumara Kalutarage,

Hoang Nga Nguyen,

Siraj Ahmed ShaikhAuthors Info & Claims

Telecommunications Systems, Volume 66, Issue 3

Pages 417 - 430

https://doi.org/10.1007/s11235-017-0296-1

Published: 01 November 2017 Publication History

Abstract

App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel SecurityTM.

References

[1]

Asavoae, I. M., Blasco, J., Chen, T. M., Kalutarage, H. K., Muttik, I., Nguyen, H. N., Roggenbach, M., & Shaikh, S. A. (2016). Towards automated android app collusion detection. In Aspinall, D., Cavallaro, L., Seghir, M. N., & M. Volkamer (Eds.), Proceedings of international workshop on innovations in mobile privacy and security 2016, CEUR Workshop Proceedings (pp. 29---37).

[2]

Marforio, C., Francillon, A., Capkun, S., Capkun, S., & Capkun, S. (2011). Application collusion attack on the permission-based security model and its implications for modern smartphone systems. ETH Zurich: Department of Computer Science.

[3]

Elish, K. O., Yao, D. D., & Ryder, B. G. (2015). On the need of precise inter-app icc classification for detecting android malware collusions. In Proceedings of IEEE mobile security technologies (MoST), in conjunction with the IEEE symposium on security and privacy.

[4]

Elish, K. O., Shu, X., Yao, D. D., Ryder, B. G., & Jiang, X. (2015). Profiling user-trigger dependence for android malware detection. Computers & Security, 49, 255---273.

Digital Library

[5]

La Polla, M., Martinelli, F., & Sgandurra, D. (2013). A survey on security for mobile devices. Communications Surveys Tutorials IEEE, 15(1), 446---471.

[6]

Marforio, C., Ritzdorf, H., Francillon, A., & Capkun, S. (2012). Analysis of the communication between colluding applications on modern smartphones. In Proceedings of the 28th annual computer security applications conference, ACM (pp. 51---60).

[7]

Schlegel, R., Zhang, K., Zhou, X. Y., Intwala, M., Kapadia, A., & Wang, X. (2011). Soundcomber: A stealthy and context-aware sound trojan for smartphones. In NDSS (Vol. 11, pp. 17---33).

[8]

Enck, W., Ongtang, M., & McDaniel, P. (2009). On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security, ACM (pp. 235---245).

[9]

Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., & Rieck, K. (2014). DREBIN: effective and explainable detection of android malware in your pocket. In 21st annual network and distributed system security symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014, The Internet Society.

[10]

Canfora, G., Lorenzo, A. D., Medvet, E., Mercaldo, F., & Visaggio, C. A. (2015) Effectiveness of opcode ngrams for detection of multi family android malware. In 10th International Conference on Availability, Reliability and Security, ARES 2015, (pp. 333---340). Toulouse, France.

Digital Library

[11]

Dai, G., Ge, J., Cai, M., Xu, D., & Li, W. (2015). Svm-based malware detection for android applications. In Proceedings of the 8th ACM conference on security & privacy in wireless and mobile networks (PP. 33:1---33:2), New York, NY.

[12]

Kate, P. M., & Dhavale, S. V. (2015). Two phase static analysis technique for android malware detection. In Proceedings of the Third International Symposium on Women in Computing and Informatics, WCI 2015, co-located with ICACCI 2015 (PP. 650---655), Kochi.

[13]

Li, Q., & Li, X. (2015). Android malware detection based on static analysis of characteristic tree. In 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2015 (PP. 84---91), Xi'an, China.

[14]

Wang, Z., Li, C., Guan, Y., & Xue, Y. (2015). Droidchain: A novel malware detection method for android based on behavior chain. In: 2015 IEEE Conference on Communications and Network Security, CNS 2015 (PP. 727---728). Florence, Italy.

[15]

Han, H., Chen, Z., Yan, Q., Peng, L., & Zhang, L. (2015). A real-time android malware detection system based on network traffic analysis. In Algorithms and architectures for parallel processing-15th international conference, ICA3PP 2015, Zhangjiajie, China, November 18---20, 2015. Proceedings, Part III. (2015) (pp. 504---516).

[16]

Kim, K., & Choi, M. (2015). Android malware detection using multivariate time-series technique. In 17th Asia-Pacific network operations and management symposium, APNOMS 2015 (pp. 198---202). Busan, South Korea.

[17]

Song, F., & Touili, T. (2014). Model-checking for android malware detection. In Garrigue, J., (ed.) Programming Languages and Systems - 12th Asian Symposium, APLAS 2014 Singapore, November 17-19, 2014, Proceedings. Volume 8858 of Lecture notes in computer science (pp. 216---235). Springer.

[18]

Beaucamps, P., Gnaedig, I., & Marion, J. (2012). Abstraction-based malware analysis using rewriting and model checking. In Foresti, S., Yung, M., & Martinelli, F., (Eds.), Computer security - ESORICS 2012 - 17th European symposium on research in computer security, Pisa, Italy, September 10---12, 2012. Proceedings. Volume 7459 of Lecture Notes in Computer Science (pp. 806---823). Springer.

[19]

Burket, J., Flynn, L., Klieber, W., Lim, J., & Snavely, W. (2015). Making didfail succeed: Enhancing the cert static taint analyzer for android app sets. Technical Report MSU-CSE-00-2, Software Engineering Institute, Carnegie Mellon University, Pittsburgh,USA (March 2015).

[20]

Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., & McDaniel, P. (2014). Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In Proceedings of the 35th ACM SIGPLAN conference on programming language design and implementation, ACM (p. 29).

[21]

Fritz, C., Arzt, S., Rasthofer, S., Bodden, E., Bartel, A., Klein, J., & et al. (2013). Highly precise taint analysis for android applications. EC SPRIDE, TU Darmstadt: Tech. Rep.

[22]

Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., & Le Traon, Y. (2013). Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In: USENIX Security 2013.

[23]

Li, L., Bartel, A., Bissyand, T., Klein, J., Le Traon, Y., Arzt, S., Siegfried, R., Bodden, E., Octeau, D., & Mcdaniel, P. (2015). IccTA: Detecting inter-component privacy leaks in android apps. In: Proceedings of the 37th International Conference on Software Engineering (ICSE 2015).

[24]

Ravitch, T., Creswick, E. R., Tomb, A., Foltzer, A., Elliott, T., Casburn, L. (2014). Multi-app security analysis with fuse: Statically detecting android app collusion. In Proceedings of the 4th program protection and reverse engineering workshop, ACM (p. 4)

[25]

Gordon, M. I., Kim, D., Perkins, J. H., Gilham, L., Nguyen, N., & Rinard, M. C. (2015). Information flow analysis of android applications in droidsafe. In NDSS.

[26]

Chin, E., Felt, A. P., Greenwood, K., & Wagner, D. (2011). Analyzing inter-application communication in android. In Proceedings of the 9th international conference on Mobile systems, applications, and services, ACM (2011) (pp. 239---252).

[27]

Sbirlea, D., Burke, M., Guarnieri, S., Pistoia, M., & Sarkar, V. (2013). Automatic detection of inter-application permission leaks in android applications. IBM Journal of Research and Development, 57(6), 10:1---10:12.

[28]

Maji, A. K., Arshad, F., Bagchi, S., Rellermeyer, J. S., & et al. (2012). An empirical study of the robustness of inter-component communication in android. In Dependable systems and networks (DSN), 2012 42nd annual IEEE/IFIP international conference on (pp. 1---12). IEEE.

[29]

Gasior, W., & Yang, L. (2011). Network covert channels on the android platform. In Proceedings of the seventh annual workshop on cyber security and information intelligence research, ACM (p. 61).

[30]

Gasior, W., & Yang, L. (2012). Exploring covert channel in android platform. In: Cyber Security (CyberSecurity), 2012 International Conference on (pp. 173---177).

[31]

Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A. R., & Shastry, B. (2012). Towards taming privilege-escalation attacks on android. In NDSS.

[32]

Ritzdorf, H. (2012). Analyzing covert channels on mobile devices. PhD thesis, ETH Zürich, Department of Computer Science.

[33]

Bagheri, H., Sadeghi, A., Garcia, J., & Malek, S. (2015). Covert: Compositional analysis of android inter-app vulnerabilities. Technical report, Tech. Rep. GMU-CS-TR-2015-1, Department of Computer Science, George Mason University, 4400 University Drive MSN 4A5, Fairfax, VA 22030-4444 USA.

[34]

Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B. G., Cox, L. P., et al. (2014). Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2), 5.

Digital Library

[35]

Rasthofer, S., Arzt, S., Lovat, E., & Bodden, E. (2014). Droidforce: Enforcing complex, data-centric, system-wide policies in android. In Availability, Reliability and Security (ARES), 2014 Ninth International Conference on (pp. 40---49). IEEE.

[36]

Klieber, W., Flynn, L., Bhosale, A., Jia, L., & Bauer, L. (2014). Android taint flow analysis for app sets. In Proceedings of the 3rd ACM SIGPLAN international workshop on the state of the art in java program analysis, ACM (pp. 1---6).

[37]

Tax, D. M. (2001). One-class classification. Delft: Delft University of Technology.

[38]

Neyman, J., & Pearson, E. S. (1992). On the problem of the most efficient tests of statistical hypotheses. New York: Springer.

[39]

Kalutarage, H.K., Lee, C., Shaikh, S.A., Sung, F.L.B.: Towards an early warning system for network attacks using bayesian inference. In Cyber security and cloud computing (CSCloud), 2015 IEEE 2nd international conference on. (pp. 399---404).

[40]

Kalutarage, H. K., Shaikh, S. A., Wickramasinghe, I. P., Zhou, Q., & James, A. E. (2015). Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks. Computers and Electrical Engineering, 47, 327---344.

Digital Library

[41]

Peng, H., Gates, C., Sarma, B., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., & Molloy, I. (2012) Using probabilistic generative models for ranking risks of android apps. In: Proceedings of the 2012 ACM conference on Computer and communications security, ACM (pp. 241---252)

[42]

Krishnamoorthy, K. (2015). Handbook of statistical distributions with applications. Boca Raton: CRC Press.

[43]

Sarma, B. P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., & Molloy, I. (2012) Android permissions: A perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, ACM (pp. 13---22).

[44]

Haris, M., Haddadi, H., & Hui, P. (2014) Privacy leakage in mobile computing: Tools, methods, and characteristics. arXiv preprint arXiv:1410.4978

[45]

Elish, K. O., Yao, D., & Ryder, B. G. (2015) On the need of precise inter-app ICC classification for detecting Android malware collusions. In: MoST.

[46]

Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., & Sadeghi, A. R. (2011) Xmandroid: A new android evolution to mitigate privilege escalation attacks. Technische Universität Darmstadt, Technical Report TR-2011-04.

Cited By

Bian SOuyang XFan ZKoutris PSalakhutdinov RKolter ZHeller KWeller AOliver NScarlett JBerkenkamp F(2024)Naive Bayes classifiers over missing dataProceedings of the 41st International Conference on Machine Learning10.5555/3692070.3692227(3913-3934)Online publication date: 21-Jul-2024
https://dl.acm.org/doi/10.5555/3692070.3692227
Senanayake JKalutarage HAl-Kadri MPetrovski APiras L(2023)Android Source Code Vulnerability Detection: A Systematic Literature ReviewACM Computing Surveys10.1145/355697455:9(1-37)Online publication date: 16-Jan-2023
https://dl.acm.org/doi/10.1145/3556974
Dutta HChakraborty T(2022)Blackmarket-Driven Collusion on Online Media: A SurveyACM/IMS Transactions on Data Science10.1145/35179312:4(1-37)Online publication date: 17-May-2022
https://dl.acm.org/doi/10.1145/3517931
Show More Cited By

Recommendations

Vetting undesirable behaviors in android apps with permission use analysis
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Android platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, recent ...
Threat Assessment: Assessing cyber-threats in the information environment

This paper presents TAME, a methodology for assessing threats, and gives a high level overview of its phases and processes. After the evaluation of an initial methodology that was developed in 2001, certain changes had to be made. These changes are ...
Automatically Detecting SSL Error-Handling Vulnerabilities in Hybrid Mobile Web Apps
ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Today, there are many hybrid apps in which both native Android app UI and WebView UI are used. To protect the security and privacy of the communications, these hybrid apps all use HTTPS by WebView, a key component in modern web browser. In this paper, we ...

Comments

Information & Contributors

Information

Published In

cover image Telecommunications Systems

Telecommunications Systems Volume 66, Issue 3

November 2017

227 pages

ISSN:1018-4864

Issue’s Table of Contents

Copyright © Copyright © 2017 Springer Science+Business Media, LLC.

Publisher

Kluwer Academic Publishers

United States

Publication History

Published: 01 November 2017

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 24 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Bian SOuyang XFan ZKoutris PSalakhutdinov RKolter ZHeller KWeller AOliver NScarlett JBerkenkamp F(2024)Naive Bayes classifiers over missing dataProceedings of the 41st International Conference on Machine Learning10.5555/3692070.3692227(3913-3934)Online publication date: 21-Jul-2024
https://dl.acm.org/doi/10.5555/3692070.3692227
Senanayake JKalutarage HAl-Kadri MPetrovski APiras L(2023)Android Source Code Vulnerability Detection: A Systematic Literature ReviewACM Computing Surveys10.1145/355697455:9(1-37)Online publication date: 16-Jan-2023
https://dl.acm.org/doi/10.1145/3556974
Dutta HChakraborty T(2022)Blackmarket-Driven Collusion on Online Media: A SurveyACM/IMS Transactions on Data Science10.1145/35179312:4(1-37)Online publication date: 17-May-2022
https://dl.acm.org/doi/10.1145/3517931
Wickramasinghe IKalutarage H(2021)Naive Bayes: applications, variations and vulnerabilities: a review of literature with code snippets for implementationSoft Computing - A Fusion of Foundations, Methodologies and Applications10.1007/s00500-020-05297-625:3(2277-2293)Online publication date: 1-Feb-2021
https://dl.acm.org/doi/10.1007/s00500-020-05297-6
Elahi HWang GChen J(2020)Pleasure or pain? An evaluation of the costs and utilities of bloatware applications in android smartphonesJournal of Network and Computer Applications10.1016/j.jnca.2020.102578157:COnline publication date: 1-Jul-2020
https://dl.acm.org/doi/10.1016/j.jnca.2020.102578

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents