An Android privacy leakage malicious application detection approach based on directed information flow

doi:10.7523/j.issn.2095-6134.2015.06.013

Abstract

Abstract:

Android devices occupy 81.9% of the total smart phone market. However, the malicious applications of Android system are increasing, and the detection technology has become the hot topic in security research. We propose a new Android detection approach of privacy leakage malicious application based on directed information flow. This approach first decompiles the application and analyzes the permissions. Then, it builds directed information flow model according to the privacy points. By tracking the flows of the points, the information flows are monitored and the privacy leakages are detected. We tested 7 985 applications and detected 357 privacy leakage ones. We analyzed one of the results and confirmed that it was indeed a privacy leakge appliction. The results show that this new approach has good detection capacity.

Key words: Android applicaiton, pricacy leakage, directed infromation flow, malicious application detectoin, decompile

CLC Number:

TP393

WU Jingzheng, WU Yanjun, WU Zhifei, YANG Mutian, LUO Tianyue, WANG Yongji. An Android privacy leakage malicious application detection approach based on directed information flow[J]. , 2015, 32(6): 807-815.

References

[1] La Polla M, Martinelli F, Sgandurra D. A survey on security for mobile devices[J]. IEEE Communications Surveys & Tutorials, 2012, 15(1):446-471.

[2] Grace M, Zhou Y J, Zhang Q, et al. RiskRanker:scalable and accurate zero-day Android malware detection[C]//Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (MobiSys'12). Low Wood Bay, Lake District, UK. 2012:281-294.

[3] Rastogi V, Chen Y, Jiang X X. DroidChameleon:evaluating Android anti-malware against transformation attacks[C]//Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. Hangzhou, China; ACM. 2013:329-334.

[4] Zhou W, Zhang X W, Jiang X X. AppInk:watermarking android apps for repackaging deterrence[C]//Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. Hangzhou, China; ACM. 2013:1-12.

[5] Zhou Y J, Jiang X X. Detecting passive content leaks and pollution in android applications[C]//Proc of the 20th Annual Network and Distributed System Security Symposium (NDSS'13). San Diego, California, USA. 2013:1-16.

[6] Suarez-Tangil G, Tapiador J E, Peris-Lopez P, et al. Dendroid:a text mining approach to analyzing and classifying code structures in Android malware families[J]. Expert Systems with Applications, 2014, 41(4):1 104-1 117.

[7] 蒋绍林, 王金双, 张涛,等. Android安全研究综述[J]. 计算机应用与软件, 2012, 29(10):205-210.

[8] 杨欢, 张玉清, 胡予濮,等. 基于权限频繁模式挖掘算法的Android恶意应用检测方法[J]. 通信学报, 2013, 34(Z1):106-115.

[9] 刘潇逸, 崔翔, 郑东华,等. 一种基于Android系统的手机僵尸网络[J]. 计算机工程, 2011, 37(19):1-5.

[10] 杨珉, 王晓阳, 张涛,等. 国内Android应用商城中程序隐私泄露分析[J]. 清华大学学报:自然科学版, 2012, 52(10):1 420-1 426.

[11] 王浩宇, 王仲禹, 郭耀,等. 基于代码克隆检测技术的Android应用重打包检测[J]. 中国科学:信息科学, 2014, 44(1):142-157.

[12] 龚炳江, 唐宇敬. Android平台下软件安全漏洞挖掘方法研究[J]. 计算机应用与软件, 2014, 31(1):311-314,333.

[13] Denning D E. A lattice model of secure information flow[J]. Commun ACM, 1976, 19(5):236-243.

[14] Tsai C R, Gligor V D, Chandersekaran C S. On the identification of covert storage channels in secure systems[J]. Software Engineering, IEEE Transactions on, 1990, 16(6):569-580.

[1]	DAI Zhiming, ZHOU Mingtuo, YANG Yang, LI Jian, LIU Jun. Fog computing resource scheduling in intelligent factories [J]. Journal of University of Chinese Academy of Sciences, 2021, 38(5): 702-711.
[2]	LIU Ting, LUO Xiliang. Online task offloading in mobile edge computing [J]. Journal of University of Chinese Academy of Sciences, 0, (): 21542-21542.
[3]	ZHU Zhaowei, LIU Ting, QIAN Hua, LUO Xiliang. Online task offloading in non-stationary fog-enabled networks [J]. , 2020, 37(5): 699-707.
[4]	LAI Xunfei, LIANG Xuwen, XIE Zhuochen, LI Zongwang. Intrusion detection method based on entity embedding and long short-term memory networks [J]. , 2020, 37(4): 553-561.
[5]	ZHAO Ze, XU Youyu, TANG Liang, BU Zhiyong. Internet traffic classification based on the improved one-versus-one method [J]. , 2020, 37(4): 570-576.
[6]	XUE Kaiping, LIU Bin, LI Wei, HONG Peilin. A format feature extracting and classifying algorithm for unknown data link frame [J]. , 2018, 35(4): 521-528.
[7]	TIAN Jie, WANG Weiqiang, SUN Yi. Recognition of overlaid Chinese characters in videos without binarization [J]. , 2018, 35(3): 402-408.
[8]	YE Yanling, FU Xiaotong, ZHANG Yuqing, YUE Hongzhou. An automated and directed testing technique for target behavior of Android application [J]. , 2018, 35(3): 409-416.
[9]	YAN Zhitao, FANG Binxing, LIU Qixu, CUI Xiang. A wireless router-based lightweight defense framework for IoT devices [J]. , 2017, 34(6): 759-770.
[10]	WANG Kaiyong, DENG Yu. Identification of spatial connection intensity of Zhongyuan urban agglomeration based on microblogging [J]. , 2016, 33(6): 775-782.
[11]	YAN Shujun, WANG Wenjie, ZHANG Yuqing. An efficient method of web fingerprint identification [J]. , 2016, 33(5): 679-685.
[12]	HOU Jinzhong, ZHANG Libo, LUO Tiejian. A distributed storage method of balancing video resources [J]. , 2016, 33(5): 686-692.
[13]	CAO Laicheng, ZHAO Jianjun, CUI Xiang, LI Ke. Cyberspace device identification based on K-means with cosine distance measure [J]. , 2016, 33(4): 562-569.
[14]	DONG Ying, ZHANG Yuqing, YUE Hongzhou. Vulnerability exploitation for Joomla content management system [J]. , 2015, 32(6): 825-835.
[15]	LUO Gang, ZHAO Yawei, WANG Yong. Risk propagation patterns of guarantee network based on the theory of complex network [J]. , 2015, 32(6): 836-842.