Permission use analysis for vetting undesirable behaviors in android apps

IEEE Transactions on Information Forensics and Security

Volumn 9, Issue 11, 2014, Pages 1828-1842

  Zhang, Yuan ^a   Yang, Min ^a   Yang, Zhemin ^a   Gu, Guofei ^b   Ning, Peng ^c   Zang, Binyu ^a  

^a FUDAN UNIVERSITY   (China)

^b Department of Electrical and Computer Engineering   (United States)

^c North Carolina State University   (United States)

Author keywords

Android behavior representation; Android security; Permission use analysis; Vetting undesirable behaviors

Indexed keywords

ANDROID APPS; ANDROID SECURITIES; BEHAVIOR REPRESENTATION; PERMISSION USE ANALYSIS; VETTING UNDESIRABLE BEHAVIORS;

EID: 84908068169     PISSN: 15566013     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIFS.2014.2347206     Document Type: Article

References (64)

1. W. Enck et al., "TaintDroid: An information flow tracking system for real-time privacy monitoring on smartphones," in Proc. 9th USENIX Conf. OSDI, pp. 1-6, 2010.
2. IDC: Android Market Share Reached 75% Worldwide in Q3 2012. [Online]. Available: http://techcrunch.com/2012/11/02/idc-android-market-share-reached-75-wo%rldwide-in-q3-2012/, accessed May 7, 2013.
3. D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji, "A methodology for empirical analysis of permission-based security models and its application to Android," in Proc. 17th ACM CCS, 2010, pp. 73-84.
4. Mcafee Threats Report: Third Quarter 2012. [Online]. Available: http://www.mcafee.com/ca/resources/reports/rp-quarterly-threat-q3-2012.pdf, accessed May 7, 2013.
5. K. Rieck, T. Holz, C. Willems, P. Düssel, and P. Laskov, "Learning and classification of malware behavior," in Proc. 5th Int. Conf. DIMVA, Jul. 2008, pp. 108-125.
6. I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, "Crowdroid: Behavior-based malware detection system for Android," in Proc. 1st ACM Workshop SPSM, 2011, pp. 15-26.
7. A. Bose, X. Hu, K. G. Shin, and T. Park, "Behavioral detection of malware on mobile handsets," in Proc. 6th Int. Conf. MobiSys, 2008, pp. 225-238.
8. A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu, and E. Kirda, "Accessminer: Using system-centric models for malware protection," in Proc. 17th ACM Conf. CCS, 2010, pp. 399-412.
9. M. Christodorescu, S. Jha, and C. Kruegel, "Mining specifications of malicious behavior," in Proc. 6th Joint Meeting ESEC-FSE, pp. 5-14, Sep. 2007.
10. M. Fredrikson, S. Jha, M. Christodorescu, R. Sailer, and X. Yan, "Synthesizing near-optimal malware specifications from suspicious behaviors," in Proc. IEEE Symp. SP, May 2010, pp. 45-60.
11. P. M. Comparetti, G. Salvaneschi, E. Kirda, C. Kolbitsch, C. Kruegel, and S. Zanero, "Identifying dormant functionality in malware programs," in Proc. IEEE Symp. SP, May 2010, pp. 61-76.
12. D. Canali, A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu, and E. Kirda, "A quantitative study of accuracy in system call-based malware detection," in Proc. ISSTA, 2012, pp. 122-132.
13. H.-G. Schmidt, K. Raddatz, A.-D. Schmidt, A. Camtepe, and S. Albayrak, "Google Android: A comprehensive introduction," DAI-Labor, Berlin, Germany, Tech. Rep. TUB-DAI 03/09-01, 2009.
14. W. Ma, P. Duan, S. Liu, G. Gu, and J.-C. Liu, "Shadow attacks: Automatically evading system-call-behavior based malware detection," J. Comput. Virol., vol. 8, nos. 1-2, pp. 1-13, May 2012.
15. W. Enck, M. Ongtang, and P. McDaniel, "Understanding Android security," IEEE Security Privacy, vol. 7, no. 1, pp. 50-57, Jan./Feb. 2009.
16. A. P. Felt, K. Greenwood, and D. Wagner, "The effectiveness of application permissions," in Proc. 2nd USENIX Conf. WebApps, 2011, p. 7.
17. (2011). Apple: iOS 4. [Online]. Available: http://www.apple.com/iphone
18. Android Permissions. [Online]. Available: http://developer.android.com/reference/android/Manifest.permission.html, accessed May 7, 2013.
19. Y. Zhang et al., "Vetting undesirable behaviors in Android apps with permission use analysis," in Proc. ACM SIGSAC Conf. CCS, 2013, pp. 611-622.
20. Z. Yang, M. Yang, Y. Zhang, G. Gu, P. Ning, and X. S. Wang, "AppIntent: Analyzing sensitive data transmission in Android for privacy leakage detection," in Proc. ACM SIGSAC Conf. CCS, 2013, pp. 1043-1054.
21. X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos, "Profiledroid: Multi-layer profiling of Android applications," in Proc. 18th Annu. Int. Conf. Mobicom, 2012, pp. 137-148.
22. L. K. Yan and H. Yin, "Droidscope: Seamlessly reconstructing the os and dalvik semantic views for dynamic Android malware analysis," in Proc. USENIX Security Symp., 2012, pp. 569-584.
23. K. Z. Chen et al., "Contextual policy enforcement in Android applications with permission event graphs," in Proc. NDSS, Feb. 2013.
24. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android permissions demystified," in Proc. 18th ACM Conf. CCS, 2011, pp. 627-638.
25. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, "PScout: Analyzing the Android permission specification," in Proc. ACM Conf. CCS, 2012, pp. 217-228.
26. Pendingintent. [Online]. Available: http://developer.android.com/reference/android/app/PendingIntent.html, accessed May 7, 2013.
27. Ui/Application Exerciser Monkey. [Online]. Available: http://developer.android.com/tools/help/monkey.html, accessed May 7, 2013.
28. A. Reina, A. Fattori, and L. Cavallaro, "A system call-centric analysis and stimulation technique to automatically reconstruct Android malware behaviors," in Proc. EuroSec, Apr. 2013.
29. Y. Zhou and X. Jiang, "Dissecting Android malware: Characterization and evolution," in Proc. IEEE Symp. SP, May 2012, pp. 95-109.
30. H. R. Zeidanloo and A. A. Manaf, "Botnet command and control mechanisms," in Proc. 2nd ICCEE, Dec. 2009, pp. 564-568.
31. A. Apvrille and K. Yang, "Defeating mTANs for profit - Part one," Virus Bull. Mag., vol. 7, no. 4, pp. 4-10, Apr. 2011.
32. SMS Emulation Using the Android Emulator. [Online]. Available: http://developer.android.com/tools/devices/emulator.html#sms, accessed May 7, 2013.
33. CopperDroid Analysis Report for GGTracker. [Online]. Available: http://copperdroid.isg.rhul.ac.uk/copperdroid/view.php?id=4514, accessed May 7, 2013.
34. Android.SMSReplicator. [Online]. Available: http://www.symantec.com/security-response/writeup.jsp?docid=2010-110214%-1252-99, accessed May 7, 2013.
35. CopperDroid Analysis Report for SMSReplicator. [Online]. Available: http://copperdroid.isg.rhul.ac.uk/copperdroid/view.php?id=5378, accessed May 7, 2013.
36. ZeuS-in-the-Mobile - Facts and Theories. [Online]. Available: http://www.securelist.com/en/analysis/204792194/ZeuS-in-the-Mobile-Fact-and-Theories, accessed May 7, 2013.
37. M. G. Kang, S. McCamant, P. Poosankam, and D. Song, "DTA++: Dynamic taint analysis with targeted control-flow propagation," in Proc. NDSS, Feb. 2011.
38. L. Cavallaro, P. Saxena, and R. Sekar, "On the limits of information flow techniques for malware analysis and containment," in Proc. 5th Int. Conf. DIMVA, Jul. 2008, pp. 143-163.
39. G. Sarwar, O. Mehani, R. Boreli, and D. Kaafar, "On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices," in Proc. 10th Int. Conf. SECRYPT, 2013, pp. 461-467.
40. M. Grace, Y. Zhou, Z. Wang, and X. Jiang, "Systematic detection of capability leaks in stock Android smartphones," in Proc. NDSS, 2012.
41. V. Rastogi, Y. Chen, and W. Enck, "AppsPlayground: Automatic security analysis of smartphone applications," in Proc. 3rd ACM Conf. CODASPY, 2013, pp. 209-220.
42. P. Gilbert, B.-G. Chun, L. P. Cox, and J. Jung, "Vision: Automated security validation of mobile apps at app markets," in Proc. 2nd Int. Workshop MCS, 2011, pp. 21-26.
43. A. MacHiry, R. Tahiliani, and M. Naik, "Dynodroid: An input generation system for Android apps," Program Anal. Group, Georgia Inst. Technol., Atlanta, GA, USA, Tech. Rep. GIT-CERCS-12-09, 2012.
44. A. Moser, C. Kruegel, and E. Kirda, "Exploring multiple execution paths for malware analysis," in Proc. IEEE Symp. SP, May 2007, pp. 231-245.
45. J. Wilhelm and T.-C. Chiueh, "A forced sampled execution approach to kernel rootkit identification," in Proc. 10th Int. Conf. RAID, 2007, pp. 219-235.
46. Z. Xu, L. Chen, G. Gu, and C. Kruegel, "PeerPress: Utilizing enemies' P2P strength against them," in Proc. ACM Conf. CCS, 2012, pp. 581-592.
47. S. Chakradeo, B. Reaves, P. Traynor, and W. Enck, "MAST: Triage for market-scale mobile malware analysis," in Proc. 6th ACM Conf. WiSec, 2013, pp. 13-24.
48. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A survey of mobile malware in the wild," in Proc. 1st ACM Workshop SPSM, 2011, pp. 3-14.
49. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets," in Proc. NDSS, 2012.
50. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "RiskRanker: Scalable and accurate zero-day Android malware detection," in Proc. 10th Int. Conf. MobiSys, 2012, pp. 281-294.
51. A. P. Felt, S. Egelman, M. Finifter, D. Akhawe, and D. Wagner, "How to ask for permission," in Proc. HotSec, 2012.
52. W. Enck, M. Ongtang, and P. McDaniel, "On lightweight mobile phone application certification," in Proc. 16th ACM Conf. CCS, 2009, pp. 235-245.
53. M. Nauman, S. Khan, and X. Zhang, "Apex: Extending Android permission model and enforcement with user-defined runtime constraints," in Proc. 5th ASIACCS, 2010, pp. 328-332.
54. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, "Semantically rich application-centric security in Android," in Proc. ACSAC, Dec. 2009, pp. 340-349.
55. K. Singh, "Practical context-aware permission control for hybrid mobile applications," in Proc. 16th Int. Symp. RAID, Oct. 2013, pp. 307-327.
56. S. Rosen, Z. Qian, and Z. M. Mao, "AppProfiler: A flexible method of exposing privacy-related behavior in Android applications to end users," in Proc. 3rd ACM CODASPY, 2013, pp. 221-232.
57. R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie, "WHYPER: Towards automating risk assessment of mobile applications," in Proc. USENIX Security Symp., pp. 527-542, Aug. 2013.
58. M. Frank, B. Dong, A. P. Felt, and D. Song, "Mining permission request patterns from Android and Facebook applications," in Proc. IEEE 12th ICDM, Dec. 2012, pp. 870-875.
59. H. Peng et al., "Using probabilistic generative models for ranking risks of Android apps," in Proc. ACM CCS, 2012, pp. 241-252.
60. A. P. Felt, H. J.Wang, A. Moshchuk, S. Hanna, and E. Chin, "Permission re-delegation: Attacks and defenses," in Proc. USENIX Security Symp., 2011.
61. M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, "Quire: Lightweight provenance for smart phone operating systems," in Proc. USENIX Security Symp., 2011.
62. L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang, "CHEX: Statically vetting Android apps for component hijacking vulnerabilities," in Proc. ACM Conf. CCS, 2012, pp. 229-240.
63. P. P. F. Chan, L. C. K. Hui, and S. M. Yiu, "DroidChecker: Analyzing Android applications for capability leak," in Proc. 5th ACM Conf. WISEC, 2012, pp. 125-136.
64. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry, "Towards taming privilege-escalation attacks on Android," in Proc. NDSS, Feb. 2012.