Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications

2020, Vol 2020, pp. 1-16
Author(s): Limin Shen, Hui Li, Hongyi Wang, Yihuan Wang

This study proposed an application behavior-detection method based on multifeature and process algebra for detecting privilege escalation attacks in Android applications. The five features of an application that constituted the attack were determined through an analysis of the privilege escalation attack model. On the basis of the extraction of multiple features, process algebra was used to build the application-behavior model and the attack model. A strong equivalence relation was used to verify the application behavior. Finally, dataflow path detection was conducted among the applications that can constitute privilege escalation attacks to determine which apps constituted a privilege escalation attack. The accuracy and effectiveness of the proposed method were verified using the DroidBench benchmark test and a test set that includes 55 APKs of 22 types.

Information, 2020, Vol 11 (6), pp. 293
Author(s): Limin Shen, Hui Li, Hongyi Wang, Yihuan Wang, Jiayin Feng, ...

On the Android platform, information leakage can use an application-layer privilege escalation attack composed of multi-app collusion. However, the detection effect of a single app that can construct privilege escalation attacks is not good. Furthermore, the existing software and app measurement methods are not applicable to the measurement of collusion privilege escalation attacks. We propose a method for measuring the risk of a single app by using process algebra to model and determine the attack behavior, and we construct a measurement function based on sensitive data transitions and the feature set of attack behavior. Through the analysis of the privilege escalation attack model, the feature set of attack behavior is obtained. Then, based on the extracted behavior feature set, process algebra is used to model the dangerous behavior of an app. The dangerous behavior of the app is determined by weak equivalence and non-equivalence, and finally the risk of the app is measured based on the measurement function. Three known applications are used to verify the attack, and the risk measurement values are above 0.98. Based on the classification of applications on the market, we select typical apps in each category to build the test set. Benchmark tests and test set experiments show that the risk measurement results are consistent with the actual detection results, verifying the feasibility and effectiveness of this method.


Electronics, 2021, Vol 10 (2), pp. 197
Author(s): Meng-ting Fang, Zhong-ju Chen, Krzysztof Przystupa, Tao Li, Michal Majka, ...

Examination is a way to select talents, and a perfect invigilation strategy can improve the fairness of the examination. To realize the automatic detection of abnormal behavior in the examination room, a method based on the improved YOLOv3 (the third version of the You Only Look Once algorithm) algorithm is proposed. The YOLOv3 algorithm is improved by using the K-Means algorithm, GIoU loss, focal loss, and Darknet32. In addition, the frame-alternate dual-thread method is used to optimize the detection process. The research results show that the improved YOLOv3 algorithm can improve both the detection accuracy and detection speed. The frame-alternate dual-thread method can greatly increase the detection speed. The mean Average Precision (mAP) of the improved YOLOv3 algorithm on the test set reached 88.53%, and the detection speed reached 42 Frames Per Second (FPS) in the frame-alternate dual-thread detection method. The research results provide a certain reference for automated invigilation.


2014, Vol 31, pp. 165-174
Author(s): Alper Bilge, Zeynep Ozdemir, Huseyin Polat
