Anti-Hijack: Runtime Detection of Malware Initiated Hijacking in Android

Abstract

According to studies, Android is having the highest market share in smartphone operating systems. The number of Android apps (i.e. applications) are increasing day by day. Consequent threats and attacks on Android are also rising. There are a large number of apps which bypass users by hiding their functionalities and send users sensitive information and data across the network. Due to flexibility and openness of Android operating system, attack surfaces are being introduced every other day.In this paper, we are addressing detection of two fatal malware attacks; intent based hijacking and authenticated session hijacking. We have used the concept of honey-pot in detection of these two authentication hijacking problems. In order to achieve this, we have tested various apps and their interaction with the honey-pot maintained by real device or an emulator. We have designed benign app as a honey framed app. We argue that hijacking malware can be detected with higher accuracy using our method at run-time as compared to the traditional machine learning methods. Our approach, Anti-Hijack, which has provided the detection accuracy as high as 96%. This has been highly accurate to detect the unwanted interaction between hijacking malware and designed benign app. We have tested our approach on a strong data-set of Android apps for experiment and identifying vulnerable points. Our detection method Anti-Hijack is a novel contribution in this area which provides light weight, device operated run-time detection at hijacking malware.