Colluding Android Apps Detection via Model Checking

The application collusion attack is a new form of threat that is becoming widespread in the mobile environment. It requires two or more apps to cooperate in some way in order to perform a malicious action that they are unable to perform independently. In this paper we present a method that uses model checking to detect whether two or more apps are performing a collusion attack. We also propose a heuristic function that reduces the number of apps to be analyzed and localizes the collusion. The preliminary investigation has produced very promising results.
