Android App Malicious Behavior Detection Based on User Intention

Security-sensitive behaviors in Android applications (apps for short) may or may not be malicious. We propose that a fundamental difference between malicious and benign behaviors is that their corresponding user intentions are different, i.e., whether there is an association between the app behavior and user intention, meaning that the user knows about the behavior and wants it to happen. Based on this discovery, we first design and realize IBdroid, which can precisely monitor user interfaces, user actions and security-sensitive behaviors of apps. Then the user intention features, which capture the correlations between user intention and app behavior from time, process, semantic and data perspectives, are extracted from the records obtained by IBdroid. Finally, an approach using user intention features is proposed to differentiate benign and malicious behaviors. In our evaluations, we correctly identify 333 out of 354 security-sensitive behaviors, achieving 96.43% precision and 91.53% recall. The experimental results demonstrate that our approach can effectively and accurately detect and block malicious behaviors of Android apps.
