Don’t Be Surprised: I See Your Mobile App Stealing Your Data

To detect potentially malicious mobile applications that may cause data leakage, this paper¹ proposes to take advantage of the attack-neutral and hard-to-avoid system calls of the mobile system, reconstructing an activity graph for each application to reflect its interactions with the system. This paper makes efforts to automate activity graph generation in Android, with the main contribution being an open source tool that can be of great assistance to the test teams of application stores. The tool's effectiveness has been validated by our evaluation against some existing or home-brewed mobile applications that leak data.

¹ This paper is a report of research outcomes from open source master projects [4]–[6], and the resultant code can be shared upon request.
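A sketch of the idea in the abstract, added here as an example and not the paper's tool or its code: it turns a system call trace into time-ordered activity graph edges and flags a sensitive file read that is later followed by a network send from the same process. The strace-style line format, the node names, the sensitive path policy and the sample trace are all assumptions constructed for illustration.

```python
import re
LINE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)')   # pid call(args) = ret
ADDR = re.compile(r'htons\((\d+)\).*inet_addr\("([^"]+)"\)')
PATH = re.compile(r'"([^"]*)"')
SENSITIVE = ("/data/data/com.android.providers.contacts/",)  # assumed policy

# Constructed strace-style trace (not taken from the paper).
SAMPLE = """\
4021 openat(AT_FDCWD, "/data/data/com.android.providers.contacts/databases/contacts2.db", O_RDONLY) = 31
4021 read(31, "SQLite format 3"..., 4096) = 4096
4021 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 32
4021 connect(32, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
4021 sendto(32, "POST /u"..., 512, 0, NULL, 0) = 512
4022 openat(AT_FDCWD, "/data/data/com.example.app/cache/img.png", O_RDONLY) = 12
4022 read(12, "PNG"..., 4096) = 4096
"""

def build_graph(trace):
    """Return time-ordered edges (src, dst, syscall) of the activity graph."""
    fds, edges = {}, []                      # fds: (pid, fd) -> object node
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m or int(m.group(4)) < 0:     # skip unparsed lines and failed calls
            continue
        pid, call, args, ret = m.groups()
        proc, first = "proc:" + pid, args.split(",", 1)[0].strip()
        if call in ("open", "openat") and (p := PATH.search(args)):
            fds[(pid, ret)] = "file:" + p.group(1)
        elif call == "socket":
            fds[(pid, ret)] = "sock:unconnected"
        elif call == "connect" and (a := ADDR.search(args)):
            fds[(pid, first)] = f"sock:{a.group(2)}:{a.group(1)}"
        elif call in ("read", "recvfrom") and (pid, first) in fds:
            edges.append((fds[(pid, first)], proc, call))    # data flows into process
        elif call in ("write", "sendto") and (pid, first) in fds:
            edges.append((proc, fds[(pid, first)], call))    # data flows out of process
        elif call == "close":
            fds.pop((pid, first), None)      # fd numbers get reused after close
    return edges

def find_leaks(edges):
    """Flag sensitive-file -> process -> socket paths, respecting event order."""
    tainted, leaks = {}, []                  # process -> sensitive files read so far
    for src, dst, _ in edges:
        if src.startswith("file:") and src[5:].startswith(SENSITIVE):
            tainted.setdefault(dst, []).append(src)
        elif dst.startswith("sock:") and src in tainted:
            leaks += [(f, src, dst) for f in tainted[src]]
    return leaks
```

Calling `find_leaks(build_graph(SAMPLE))` reports only process 4021; a send that happens before the sensitive read is not flagged because edges are processed in trace order.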

[1] Stephanie Forrest, et al. Intrusion Detection Using Sequences of System Calls, 1998, J. Comput. Secur.

[2] John Yen, et al. Towards probabilistic identification of zero-day attack paths, 2016, 2016 IEEE Conference on Communications and Network Security (CNS).

[3] Arpitaben Shah. Android malware detection and forensics based on API calls, 2016.

[4] Xiaoyan Sun, et al. Patrol: Revealing Zero-Day Attack Paths through Network-Wide System Object Dependencies, 2013, ESORICS.

[5] Christopher Krügel, et al. On the Detection of Anomalous System Call Arguments, 2003, ESORICS.

[6] Byung-Gon Chun, et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, 2010, OSDI.

[7] Philip K. Chan, et al. Learning Patterns from Unix Process Execution Traces for Intrusion Detection, 1997.

[8] Salvatore J. Stolfo, et al. Learning Rules from System Call Arguments and Sequences for Anomaly Detection, 2003.

[9] Steven A. Hofmeyr, et al. Intrusion Detection via System Call Traces, 1997, IEEE Softw.

[10] Xuxian Jiang, et al. Stealthy malware detection and monitoring through VMM-based "out-of-the-box" semantic view reconstruction, 2010, TSEC.

[11] R. Sekar, et al. Dataflow anomaly detection, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[12] Stephanie Forrest, et al. A sense of self for Unix processes, 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[13] Vitor Monte Afonso, et al. Identifying Android malware using dynamically obtained features, 2014, Journal of Computer Virology and Hacking Techniques.