Design and Implementation of Privilege Escalation Attack Detecting System Based on Android Platform

doi:10.3969/j.issn.1671-1122.2016.02.003

Abstract

Abstract:

Along with the rapid development of Android mobile operation system, its security issue has taken attentions. In the Android, it is necessary to apply the authorities to the system for sensitive operations. Although some system modules related to authority control have been designed in the Android, the attackers still can use the system vulnerabilities or third party program vulnerabilities to carry out the privilege escalation attack, and then illegally use some functions beyond their application permissions. This kind of attack is not only a great threat to the security of the system, but also has the feature of concealment. Based on the analysis and innovation on the past research, this paper proposes a new light weight method for detecting the privilege escalation attack, which uses the control flow detection and Android sensitive authority dictionary matching. In addition, detection software with high degree of automation and high detection efficiency is designed and implemented on the basis of privilege escalation attack detecting method.

Key words: privilege escalation attack, detection, Android, control flow, authority dictionary

CLC Number:

TP309

Tao ZHANG, Bei PEI, Weiping WEN, Zhong CHEN. Design and Implementation of Privilege Escalation Attack Detecting System Based on Android Platform[J]. Netinfo Security, 2016, 16(2): 15-21.

Figures/Tables 9

References 14

[1]	360互联网安全中心.2015年第三季度中国手机安全状况报告[EB/OL]. , 2015-10-22.
[2]	ONGTANG M, MCLAUGHLIN S, ENCK W, et al.Semantically Rich Application-centric Security in Android[J]. Security and Communication Networks,2012,5(6) : 658-673.
[3]	廖明华,郑力明.Android 安全机制分析与解决方案初探[J].科学技术与工程,2009,26(11):6351-6354.
[4]	ENCK W, ONGTANG M, MCDANIEL P.Understanding Android Security[J].IEEE Security & Privacy, 2009 , 7(1) : 53-54.
[5]	SHABTAI A,KANONOV U,ELOVICI Y.Intrusion Detection on Mobile Devices Using the Knowledge Based Temporal-abstraction Method[J]. Systems and Software, 2010, 83(8) :1527-1536.
[6]	张帆,钟章队. 基于权限分析的手机恶意软件检测与防范[J]. 信息网络安全,2015(10):66-73.
[7]	SHABTAI A, FLEDEL Y, ELOVICI Y, et al.Using the KBTA Method for Inferring Computer and Network Security Alerts from Timestamped, Rawsystem Metrics[J]. Computer Virology, 2009, 8(3): 267-298.
[8]	闫梅, 彭新光. 基于Android安全机制的权限检测系统[J] . 计算机工程与设计,2013,34(3):854-858.
[9]	DAVI L,DMITRIENKO A,SADEGHI A R, et al.Privilege Escalation Attacks on Android[M]. Berlin : Springer, 2011.
[10]	FELT A P, GREENWOOD K, WAGNER D. The Effectiveness of Install-time Permission Systems for Third-party Applications[EB/OL]., 2010-12-3.
[11]	刘智伟,孙其博. 基于权限管理的Android应用行为检测[J]. 信息网络安全,2014(6):72-77.
[12]	DIETZ M, SHASHI S, et al. Quire: Lightweight Provenance for Smart Phone Operating Systems[J]. Computing Research Repository, 2011, abs/1102(2) : 2334.
[13]	于达. 一种针对Android系统提权攻击的检测方法研究与实现[D].北京:北京大学,2013.
[14]	张金鑫,杨晓辉. 基于权限分析的Android应用程序检测系统[J]. 信息网络安全,2014(7):30-34.

[1]	Rong WANG, Chunguang MA, Peng WU. An Intrusion Detection Method Based on Federated Learning and Convolutional Neural Network [J]. Netinfo Security, 2020, 20(4): 47-54.
[2]	Lingyu BIAN, Linlin ZHANG, Kai ZHAO, Fei SHI. Ethereum Malicious Account Detection Method Based on LightGBM [J]. Netinfo Security, 2020, 20(4): 73-80.
[3]	Zhiyan ZHAO, Xiaomo JI. Research on the Intelligent Fusion Model of Network Security Situation Awareness [J]. Netinfo Security, 2020, 20(4): 87-93.
[4]	Zhaojun GU, Yitong REN, Chunbo LIU, Zhi WANG. Intranet Log Anomaly Detection Model Based on Conformal Prediction [J]. Netinfo Security, 2020, 20(3): 45-50.
[5]	Wenhua LUO, Caidian XU. Network Intrusion Detection Based on Improved MajorClust Clustering [J]. Netinfo Security, 2020, 20(2): 14-21.
[6]	Zongping LÜ, Chundi ZHAO, Zhaojun GU, Jingxian ZHOU. Dynamic Detection of Ransomware Based on Stacking Model Fusion [J]. Netinfo Security, 2020, 20(2): 57-57.
[7]	Hao ZHANG, Long CHEN, Zhiqiang WEI. Abnormal Traffic Detection Technology Based on Data Augmentation and Model Update [J]. Netinfo Security, 2020, 20(2): 66-74.
[8]	Tao JING, Wei WAN. Research on a P2P Network Communication Behavior Analytical Method for Status Migration Attribute-oriented [J]. Netinfo Security, 2020, 20(1): 16-25.
[9]	Liuyang HOU, Senlin LUO, Limin PAN, Ji ZHANG. Multi-feature Android Malware Detection Method [J]. Netinfo Security, 2020, 20(1): 67-74.
[10]	Xiaoran LI, Rong HAO, Jia YU. Certificateless Provable Data Possession with Data Uploading Control [J]. Netinfo Security, 2020, 20(1): 83-88.
[11]	Xin SONG, Kai ZHAO, Linlin ZHANG, Wenbo FANG. Research on Android Malware Detection Based on Random Forest [J]. Netinfo Security, 2019, 19(9): 1-5.
[12]	Jian KANG, Jie WANG, Zhengxu LI, Guangda ZHANG. A Model for Anomaly Intrusion Detection with Different Feature Extraction Strategies in IoT [J]. Netinfo Security, 2019, 19(9): 21-25.
[13]	Like CHEN, Shuhua RUAN, Xingshu CHEN, Haizhou WANG. Research on Intelligent Detection of Social Media Robot Accounts [J]. Netinfo Security, 2019, 19(9): 96-100.
[14]	Wenying FENG, Xiaobo GUO, Yuanye HE, Cong XUE. Intrusion Detection Model Based on Feedforward Neural Network [J]. Netinfo Security, 2019, 19(9): 101-105.
[15]	Liangchen CHEN, Baoxu LIU, Shu GAO. Research on Traffic Data Sampling Technology in Network Attack Detection [J]. Netinfo Security, 2019, 19(8): 22-28.