Abstract
The application collusion attack is a new form of threat that is becoming widespread in mobile environment. This technique requires that two or more apps cooperate in some way with the aim to perform a malicious action that they are unable to perform independently. In this paper we present a method exploiting the model checking technique aimed to detect whether two or more apps are performing a collusion attack. We also propose a heuristic function able to reduce the number of the analyzed apps and to localize the collusion. The preliminary investigation has brought very promising results.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Amato, F., Castiglione, A., De Santo, A., Moscato, V., Picariello, A., Persia, F., Sperlí, G.: Recognizing human behaviours in online social networks. Comput. Secur. 74, 355–370 (2018)
Amato, F., Moscato, F., Moscato, V., Colace, F.: Improving security in cloud by formal modeling of IaaS resources. Future Gener. Comput. Syst. 87, 754–764 (2018)
Andersen, J.R., Andersen, N., Enevoldsen, S., Hansen, M.M., Larsen, K.G., Olesen, S.R., Srba, J., Wortmann, J.K.: CAAL: concurrency workbench, Aalborg edition. In: Proceedings of the Theoretical Aspects of Computing - ICTAC 2015 - 12th International Colloquium Cali, Colombia, 29–31 October 2015. LNCS, vol. 9399, pp. 573–582. Springer (2015)
Asavoae, I.M., Blasco, J., Chen, T.M., Kalutarage, H.K., Muttik, I., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Towards automated Android app collusion detection. In: Proceedings of the 1st International Workshop on Innovations in Mobile Privacy and Security, IMPS 2016, co-located with the International Symposium on Engineering Secure Software and Systems (ESSoS 2016), London, UK, 6 April 2016, pp. 29–37 (2016)
Barbuti, R., De Francesco, N., Santone, A., Vaglini, G.: LORETO: a tool for reducing state explosion in verification of LOTOS programs. Softw. Pract. Exper. 29(12), 1123–1147 (1999)
Barbuti, R., De Francesco, N., Santone, A., Vaglini, G.: Reduced models for efficient CCS verification. Formal Methods Syst. Des. 26(3), 319–350 (2005)
Battista, P., Mercaldo, F., Nardone, V., Santone, A., Visaggio, C.A.: Identification of Android malware families with model checking. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy, ICISSP, vol. 1, pp. 542–547 (2016)
Blasco, J., Chen, T.M.: Automated generation of colluding apps for experimental research. J. Comput. Virol. Hacking Tech. 14(2), 127–138 (2018)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R., Shastry, B.: Towards taming privilege-escalation attacks on Android. In: NDSS, vol. 17, p. 19. Citeseer (2012)
Canfora, G., Martinelli, F., Mercaldo, F., Nardone, V., Santone, A., Visaggio, C.A.: LEILA: formal tool for identifying mobile malicious behaviour. IEEE Trans. Softw. Eng. 45(12), 1230–1252 (2018)
Canfora, G., Medvet, E., Mercaldo, F., Visaggio, C.A.: Detecting Android malware using sequences of system calls. In: Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile, pp. 13–20. ACM (2015)
Canfora, G., Mercaldo, F., Visaggio, C.A.: Mobile malware detection using op-code frequency histograms. In: 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE), vol. 4, pp. 27–38. IEEE (2015)
Casolare, R., Martinelli, F., Mercaldo, F., Santone, A.: A model checking based proposal for mobile colluding attack detection. In: IEEE BigData (2019, in press)
Ceccarelli, M., Cerulo, L., Santone, A.: De novo reconstruction of gene regulatory networks from time series data, an approach based on formal methods. Methods 69(3), 298–305 (2014)
Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252. ACM (2011)
Clarke, E.M., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (2001)
de Francesco, N., Lettieri, G., Santone, A., Vaglini, G.: GreASE: a tool for efficient “nonequivalence” checking. ACM Trans. Softw. Eng. Methodol. (TOSEM) 23(3), 24 (2014)
Marforio, C., Ritzdorf, H., Francillon, A., Capkun, S.: Analysis of the communication between colluding applications on modern smartphones. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 51–60. ACM (2012)
Memon, A.M., Anwar, A.: Colluding apps: tomorrow’s mobile malware threat. IEEE Secur. Priv. 13(6), 77–81 (2015)
Mercaldo, F., Nardone, V., Santone, A., Visaggio, C.A.: Ransomware steals your phone. Formal methods rescue it. In: Proceedings of the Formal Techniques for Distributed Objects, Components, and Systems - 36th IFIP WG 6.1 International Conference, FORTE 2016, Held as Part of the 11th International Federated Conference on Distributed Computing Techniques, DisCoTec 2016, Heraklion, Crete, Greece, 6–9 June 2016. LNCS, vol. 9688, pp. 212–221. Springer (2016)
Mercaldo, F., Santone, A.: Deep learning for image-based mobile malware detection. J. Comput. Virol. Hacking Tech. 1–15 (2020)
Milner, R.: Communication and Concurrency. PHI Series in Computer Science. Prentice Hall, Upper Saddle River (1989)
Sbîrlea, D., Burke, M.G., Guarnieri, S., Pistoia, M., Sarkar, V.: Automatic detection of inter-application permission leaks in Android applications. IBM J. Res. Dev. 57(6), 10–1 (2013)
Stirling, C.: An introduction to modal and temporal logics for CCS. In: Yonezawa, A., Ito, T. (eds.) Concurrency: Theory, Language, and Architecture. LNCS, vol. 491, pp. 2–20. Springer (1989)
Xu, K., Li, Y., Deng, R.H.: ICCDetector: ICC-based malware detection on Android. IEEE Trans. Inf. Forensics Secur. 11(6), 1252–1264 (2016)
Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets. In: NDSS, vol. 25, pp. 50–52 (2012)
Acknowledgments
This work has been partially supported by MIUR - SecureOpenNets and EU SPARTA and CyberSANE projects.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Casolare, R., Martinelli, F., Mercaldo, F., Nardone, V., Santone, A. (2020). Colluding Android Apps Detection via Model Checking. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Web, Artificial Intelligence and Network Applications. WAINA 2020. Advances in Intelligent Systems and Computing, vol 1150. Springer, Cham. https://doi.org/10.1007/978-3-030-44038-1_71
Download citation
DOI: https://doi.org/10.1007/978-3-030-44038-1_71
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44037-4
Online ISBN: 978-3-030-44038-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)