Abstract
Recently, more and more rootkit tools have been provided by well-known vendors in the mainstream Android markets. Many people are willing to root their phones to uninstall pre-installed applications, flash third-party ROMs and so on. Reportedly, a significant proportion of Android phones have been rooted at least once. However, applications with root exploits pose a critical security threat to users. When the phone is rooted, the permission system, which enforces access control to the privacy-related resources in Android phones, can be bypassed. The phone thus becomes an easy point from which malware can launch attacks. Moreover, even if the phone is unrooted, permission escalation attacks can still be carried out. Notably, a number of sophisticated Android malware samples embed root exploit payloads. Hence, a root exploit always suggests high security risk, and characterizing and detecting applications with root exploits is a pressing concern for researchers. In this paper, a novel method to extract key features of apps with root exploits is proposed. Unlike existing work, it is the first to comprehensively contrast the static features of applications with and without root exploits. We carry out and evaluate the methodology on two clean-app datasets and two malware datasets, comprising 52, 1859, 463 and 797 applications respectively. Our empirical results suggest that distinctive features can be obtained which capture the key differences between applications with and without root exploits and so characterize Android root exploit applications.
Acknowledgements
This work was supported in part by National High-tech R&D Program of China under grant No. 2015AA016004, NSFC under grants No. 61170189 and No. 61370126.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Hao, H., Li, Z., He, Y., Ma, J. (2015). Characterization of Android Applications with Root Exploit by Using Static Feature Analysis. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science, vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_14
DOI: https://doi.org/10.1007/978-3-319-27161-3_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27160-6
Online ISBN: 978-3-319-27161-3
eBook Packages: Computer Science (R0)