DOI: 10.1145/3428363.3428376
research-article

An Integrated Inspection and Visualization Tool for Accurate Android Collusive Malware Detection

Published: 22 December 2020

ABSTRACT

Collusive malware on Android exploits the Inter-Component Communication (ICC) scheme of the Android architecture. Several collusive malware detection and analysis tools have been developed since the beginning of Android. These tools are mostly based on static code analysis and dynamic behavior analysis. Although such approaches can point out ICC paths and the risks associated with them quite well, adding a visual component can make collusive malware behavior easier to perceive. We reviewed the state-of-the-art approaches and developed a tool, AndroCap, which integrates the static code analysis process of a state-of-the-art tool into our system, visualizes the ICC paths found in the static code analysis results together with their associated risks, and dynamically collects data from apps running in an Android environment to observe malicious communication among app components. We further test AndroCap on a set of malware samples and present the results. Our results show that the developed tool can successfully visualize ICC paths found from static code analysis and mark suspicious ones using contrasting colors. Further, malicious communication among components can be dynamically observed by executing apps in an Android environment.

  • Published in

    NSysS '20: Proceedings of the 7th International Conference on Networking, Systems and Security
    December 2020
    132 pages
    ISBN: 9781450389051
    DOI: 10.1145/3428363

    Copyright © 2020 ACM

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Qualifiers

    • research-article
    • Research
    • Refereed limited

    Acceptance Rates

    Overall Acceptance Rate: 12 of 44 submissions, 27%
