Characterization of Android Applications with Root Exploit by Using Static Feature Analysis

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2015)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9532)

Abstract

Recently, well-known vendors have been providing more and more rootkit tools in the mainstream Android markets. Many people are willing to root their phones to uninstall pre-installed applications, flash third-party ROMs and so on. Reportedly, a significant proportion of Android phones have been rooted at least once. However, applications with root exploits pose a critical security threat to users. When a phone is rooted, the permission system, which enforces access control over privacy-related resources on Android phones, can be bypassed. The phone thus becomes an easy target for malware to launch attacks. Moreover, even when the phone is unrooted, permission escalation attacks can still be carried out. Notably, a certain amount of sophisticated Android malware embeds root exploit payloads. Hence, a root exploit always suggests high security risk. Characterizing and detecting applications with root exploits is a pressing concern for researchers. In this paper, a novel method to extract key features of apps with root exploits is proposed. In contrast to existing work, the static features of applications with and without root exploits are contrasted comprehensively for the first time. We carry out and evaluate the methodology on two clean-app datasets and two malware datasets, comprising 52, 1859, 463 and 797 applications respectively. Our empirical results suggest that distinctive features can be obtained that capture the key differences between applications with and without root exploits and so characterize Android root exploit applications.



Acknowledgements

This work was supported in part by National High-tech R&D Program of China under grant No. 2015AA016004, NSFC under grants No. 61170189 and No. 61370126.

Author information

Corresponding author

Correspondence to Huikang Hao.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Hao, H., Li, Z., He, Y., Ma, J. (2015). Characterization of Android Applications with Root Exploit by Using Static Feature Analysis. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science, vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_14

  • DOI: https://doi.org/10.1007/978-3-319-27161-3_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27160-6

  • Online ISBN: 978-3-319-27161-3

  • eBook Packages: Computer Science, Computer Science (R0)
