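School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
YANG Hongyu (1969-), male, born in Changchun, Jilin, Ph.D., professor at Civil Aviation University of China. His main research interests include network information security and mobile system security.
WANG Zaiming (1990-), male, born in Linyi, Shandong, master's student at Civil Aviation University of China. His main research interest is mobile system security.
Online publication date: 2018-06
Print publication date: 2018-06-25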
Hongyu YANG, Zaiming WANG. Android collusion attack detection model[J]. Journal on Communications, 2018, 39(6): 27-36. DOI: 10.11959/j.issn.1000-436x.2018095.
To address the poor efficiency and low accuracy of Android collusion attack detection, an Android collusion attack detection model based on component communication is proposed. First, features are extracted from known applications to generate feature vector sets. Second, the permission feature vector set is trained and classified to generate a security policy rule set. Then, a component communication finite state machine is generated from the component and communication mode feature vector sets, and the security policy rule set is optimized. Finally, a new state machine is generated by extracting the feature vector set of the application under test, and it is matched against the optimized security policy rule set to detect collusion attacks. The experimental results show that the proposed detection model has good detection efficiency and high accuracy.