Assessing the security of inter-app communications in android through reinforcement learning

Abstract

A central aspect of the Android platform is Inter-Component Communication (ICC), which allows the reuse of functionality across apps and components through message passing. While ICC is a powerful feature, it also presents a serious attack surface. This paper addresses the issue of generating exploits for a subset of Android ICC vulnerabilities (i.e., IDOS, XAS, and FI) using static analysis, Deep Reinforcement Learning-based dynamic analysis, and software instrumentation. Our approach, called RONIN, outperforms state-of-the-art and baseline tools in terms of the number of exploited vulnerabilities.