Detection of app collusion potential using logic programming. (1st March 2018)
- Record Type:
- Journal Article
- Title:
- Detection of app collusion potential using logic programming. (1st March 2018)
- Main Title:
- Detection of app collusion potential using logic programming
- Authors:
- Blasco, Jorge
Chen, Thomas M.
Muttik, Igor
Roggenbach, Markus - Abstract:
- Abstract: Mobile devices pose a particular security risk because they hold personal details (accounts, locations, contacts, photos) and have capabilities potentially exploitable for eavesdropping (cameras/microphone, wireless connections). The Android operating system is designed with a number of built-in security features such as application sandboxing and permission-based access control. Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps whose combined permissions allow them to carry out attacks that neither app is able to execute by itself. While the possibility of app collusion was first warned in 2011, it has been unclear if collusion is used by malware in the wild due to a lack of suitable detection methods and tools. This paper describes how we found the first collusion in the wild. We also present a strategy for detecting collusions and its implementation in Prolog that allowed us to make this discovery. Our detection strategy is grounded in concise definitions of collusion and the concept of ASR (Access-Send-Receive) signatures. The methodology is supported by statistical evidence. Our approach scales and is applicable to inclusion into professional malware detection systems: we applied it to a set of more than 50, 000 apps collected in the wild. Code samples of our tool as well as of the detected malware are available.
- Is Part Of:
- Journal of network and computer applications. Volume 105(2018)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 105(2018)
- Issue Display:
- Volume 105, Issue 2018 (2018)
- Year:
- 2018
- Volume:
- 105
- Issue:
- 2018
- Issue Sort Value:
- 2018-0105-2018-0000
- Page Start:
- 88
- Page End:
- 104
- Publication Date:
- 2018-03-01
- Subjects:
- Android -- Collusion -- Malware -- MoPlus
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004 - Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.jnca.2017.12.008 ↗
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 5816.xml