Abstract

This study proposed an application behavior-detection method based on multiple features and process algebra for detecting privilege escalation attacks in Android applications. The five application features that constitute the attack were determined through an analysis of the privilege escalation attack model. On the basis of the extracted features, process algebra was used to build the application-behavior model and the attack model. The strong equivalence relation was used to verify the application behavior. Finally, dataflow path detection was conducted among the applications that can constitute privilege escalation attacks to determine which apps constitute a privilege escalation attack. The accuracy and effectiveness of the proposed method were verified using the DroidBench benchmark test and a test set that includes 55 APKs of 22 types.

Highlights

  • With the development of Mobile Internet and the popularization of smartphones, the number of downloads of applications has increased significantly [1]. The Android system with open-source applications has become popular among smart device manufacturers and developers.

  • In view of the serious threat and strong concealment of collusion attacks, and the poor detection results obtained when analyzing a single application, we proposed a detection method based on multiple features and process algebra modeling. The method is described as follows: (1) Extraction of attack-behavior features: based on the analysis of the attack model, five kinds of features are extracted, including dangerous permission requests, Intent-filter, sensitive API calls, sensitive dataflow pairs, and component Intent communication.

  • Behavior Equivalence and Interapplication Path Detection: The strong equivalence of process algebra is used to determine the equivalence relationship between the behavior and attack models of the app. Therefore, according to the concepts of labelled transition system, strong simulation, and strong equivalence in process algebra, the following are defined: behavior-labelled transition system, behavior-strong simulation, and behavior-strong equivalence based on the application feature tree (AFT).


Summary

Introduction

With the development of Mobile Internet and the popularization of smartphones, the number of downloads of applications has increased significantly [1]. The Android system with open-source applications has become popular among smart device manufacturers and developers. The static feature extraction method is used to extract dangerous permission requests, sensitive dataflow pairs, sensitive API calls, component Intent communication, and Intent-filter, which compensates for the limitation that a single feature can be detected but the attack behavior cannot be faithfully reconstructed from it. In [15,16,17,18,19,20], the researchers detected the behavior of Android malware by analyzing, extracting, and comparing the behavior features of the app such as permission, control flow, dataflow, and sensitive API calls. Wang et al. [40] proposed a method for detecting privilege escalation attacks based on the component, application layer, and the defects of package management.

Application-Behavior Modeling Based on Process Algebra
Related Concepts of Behavior Equivalence
Interapplication Path Detection
Experiment
Evaluation and Validity Analysis
Experiment Validity
Conclusion