scholarly journals Risk Measurement Method for Privilege Escalation Attacks on Android Apps Based on Process Algebra

Information ◽  
2020 ◽  
Vol 11 (6) ◽  
pp. 293
Author(s):  
Limin Shen ◽  
Hui Li ◽  
Hongyi Wang ◽  
Yihuan Wang ◽  
Jiayin Feng ◽  
...  
Keyword(s):  
Process Algebra ◽  
Information Leakage ◽  
Risk Measurement ◽  
Attack Behavior ◽  
Sensitive Data ◽  
Test Set ◽  
Attack Model ◽  
Android Apps ◽  
Dangerous Behavior ◽  
Measurement Function

On the Android platform, information leakage can use an application-layer privilege escalation attack composed of multi-app collusion. However, the detection effect of a single app that can construct privilege escalation attacks is not good. Furthermore, the existing software and app measurement methods are not applicable to the measurement of collusion privilege escalation attacks. We propose a method for measuring the risk of a single app by using process algebra to model and determine the attack behavior, and we construct a measurement function based on sensitive data transitions and the feature set of attack behavior. Through the analysis of the privilege escalation attack model, the feature set of attack behavior is obtained. Then, based on the extracted behavior feature set, process algebra is used to model the dangerous behavior of an app. The dangerous behavior of the app is determined by weak equivalence and non-equivalence, and finally the risk of the app is measured based on the measurement function. Three known applications are used to verify the attack, and the risk measurement values are above 0.98. Based on the classification of applications on the market, we select typical apps in each category to build the test set. Benchmark tests and test set experiments show that the risk measurement results are consistent with the actual detection results, verifying the feasibility and effectiveness of this method.

scholarly journals Risk Measurement Method of Collusion Privilege Escalation Attacks for Android Apps Based on Feature Weight and Behavior Determination

2021 ◽  
Vol 2021 ◽  
pp. 1-18
Author(s):  
Hui Li ◽  
Limin Shen ◽  
Yuying Wang ◽  
Jiayin Feng ◽  
Honglei Tan ◽  
...  
Keyword(s):  
Measurement Method ◽  
Risk Measurement ◽  
Attack Behavior ◽  
Application Layer ◽  
Analytic Hierarchy ◽  
Android Apps ◽  
Measurement Function ◽  
Feature Weight ◽  
And Behavior ◽  
Hierarchy Process

To solve the issue of measuring the risk of the application-layer collusion privilege escalation attacks in Android apps, this paper proposed a risk measurement method based on the feature weight and behavior determination. Analytic hierarchy process (AHP) is used to calculate the weight of feature in the feature set extracted from the app. App behavior and attack behavior are modeled by process algebra. The weak equivalent and nonequivalent are introduced to determine the behavior of apps, whereas the measurement function is constructed to calculate the app risk measurement value. In an experiment with three known apps, the measurement values are 0.629, 1, and 0.976. These results are consistent with reality, and the effectiveness and feasibility of the proposed method are verified. Through the benchmark and test set experiments, it can be seen that the measurement value of apps that has weak equivalent to attack behavior is distributed between 0.0468 and 1, and the measurement value distribution is reasonable, which verifies the accuracy and rationality of the method.

scholarly journals Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications

2020 ◽  
Vol 2020 ◽  
pp. 1-16 ◽  
Author(s):  
Limin Shen ◽  
Hui Li ◽  
Hongyi Wang ◽  
Yihuan Wang
Keyword(s):  
Process Algebra ◽  
Detection Method ◽  
Attack Detection ◽  
Multiple Features ◽  
Test Set ◽  
Behavior Detection ◽  
Attack Model ◽  
Application Behavior ◽  
Android Applications ◽  
Path Detection

This study proposed an application behavior-detection method based on multifeature and process algebra for detecting privilege escalation attacks in Android applications. The five features of application that constituted the attack were determined through an analysis of the privilege escalation attack model. On the basis of the extraction of multiple features, process algebra was used to build the application-behavior model and the attack model. Strong equivalence relation was used to verify the application behavior. Finally, dataflow path detection is conducted among the applications that can constitute privilege escalation attacks to determine those apps constituted a privilege escalation attack. The accuracy and effectiveness of the proposed method were verified using the DroidBench benchmark test and the test set that includes 55 APKs of 22 types.

scholarly journals A first look at Android applications in Google Play related to COVID-19

2021 ◽  
Vol 26 (4) ◽  
Author(s):  
Jordan Samhi ◽  
Kevin Allix ◽  
Tegawendé F. Bissyandé ◽  
Jacques Klein
Keyword(s):  
Mobile Apps ◽  
Contact Tracing ◽  
Location Tracking ◽  
Response Effort ◽  
Sensitive Data ◽  
Android Apps ◽  
Digital World ◽  
Public Health Organizations ◽  
Android Applications ◽  
Google Play

AbstractDue to the convenience of access-on-demand to information and business solutions, mobile apps have become an important asset in the digital world. In the context of the COVID-19 pandemic, app developers have joined the response effort in various ways by releasing apps that target different user bases (e.g., all citizens or journalists), offer different services (e.g., location tracking or diagnostic-aid), provide generic or specialized information, etc. While many apps have raised some concerns by spreading misinformation or even malware, the literature does not yet provide a clear landscape of the different apps that were developed. In this study, we focus on the Android ecosystem and investigate Covid-related Android apps. In a best-effort scenario, we attempt to systematically identify all relevant apps and study their characteristics with the objective to provide a first taxonomy of Covid-related apps, broadening the relevance beyond the implementation of contact tracing. Overall, our study yields a number of empirical insights that contribute to enlarge the knowledge on Covid-related apps: (1) Developer communities contributed rapidly to the COVID-19, with dedicated apps released as early as January 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for tracing); (3) Covid-related apps are less complex than standard apps; (4) they generally do not seem to leak sensitive data; (5) in the majority of cases, Covid-related apps are released by entities with past experience on the market, mostly official government entities or public health organizations.

scholarly journals Factors that Influence the Android Apps Permissions

2016 ◽  
Vol 1 (2) ◽  
pp. 59
Author(s):  
Normi Sham Awang Abu Bakar ◽  
Iqram Mahmud
Keyword(s):  
Not Given ◽  
Sensitive Data ◽  
Security Issues ◽  
Android Apps ◽  
Android Applications ◽  
Android Market ◽  
Malicious Apps ◽  
The Right ◽  
User Ratings ◽  
Average User

The Android Market is the official (and primary) storefor Android applications. The Market provides users with average user ratings, user reviews, descriptions, screenshots,and permissions to help them select applications. Generally, prior to installation of the apps, users need to agree on the permissions requested by the apps, they are not given any other option. Essentially, users may not aware on some security issues that may arise from the permissions. Some apps request the right to manipulate sensitive data, such as GPS location, photos, calendar, contact, email and files. In this paper, we explain the sources of sensitive data, what the malicious apps can do to the data, and apply the empirical software engineering analysis to find the factors that could potentially influence the permissions in Android apps. In addition, we also highlight top ten most implemented permissions in Android apps and also analyse the permissions for the apps categories in Android.

scholarly journals A Survey: Data Leakage Detection Techniques

2018 ◽  
Vol 8 (4) ◽  
pp. 2247
Author(s):  
K. S. Wagh
Keyword(s):  
Credit Card ◽  
Information Leakage ◽  
Leakage Detection ◽  
Sensitive Data ◽  
Detection Techniques ◽  
Personal Credit ◽  
Customer Information ◽  
Other Information ◽  
Effective System ◽  
Credit Card Data

Data is an important property of various organizations and it is intellectual property of organization. Every organization includes sensitive data as customer information, financial data, data of patient, personal credit card data and other information based on the kinds of management, institute or industry. For the areas like this, leakage of information is the crucial problem that the organization has to face, that poses high cost if information leakage is done. All the more definitely, information leakage is characterize as the intentional exposure of individual or any sort of information to unapproved outsiders. When the important information is goes to unapproved hands or moves towards unauthorized destination. This will prompts the direct and indirect loss of particular industry in terms of cost and time. The information leakage is outcomes in vulnerability or its modification. So information can be protected by the outsider leakages. To solve this issue there must be an efficient and effective system to avoid and protect authorized information. From not so long many methods have been implemented to solve same type of problems that are analyzed here in this survey.  This paper analyzes little latest techniques and proposed novel Sampling algorithm based data leakage detection techniques.

Privacy Information Leakage Prevention in Cognitive Social Mining Applications

2019 ◽  
pp. 188-212
Author(s):  
Suriya Murugan ◽  
Anandakumar H.
Keyword(s):  
Social Networks ◽  
Social Relations ◽  
Private Information ◽  
Online Social Networks ◽  
Information Leakage ◽  
User Profile ◽  
User Privacy ◽  
Sensitive Data ◽  
Data Set ◽  
Secure Information

Online social networks, such as Facebook are increasingly used by many users and these networks allow people to publish and share their data to their friends. The problem is user privacy information can be inferred via social relations. This chapter makes a study and performs research on managing those confidential information leakages which is a challenging issue in social networks. It is possible to use learning methods on user released data to predict private information. Since the main goal is to distribute social network data while preventing sensitive data disclosure, it can be achieved through sanitization techniques. Then the effectiveness of those techniques is explored, and the methods of collective inference are used to discover sensitive attributes of the user profile data set. Hence, sanitization methods can be used efficiently to decrease the accuracy of both local and relational classifiers and allow secure information sharing by maintaining user privacy.

scholarly journals Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks

2020 ◽  
Vol 34 (07) ◽  
pp. 11304-11311
Author(s):  
Chetan Kumar ◽  
Riazat Ryan ◽  
Ming Shao
Keyword(s):  
Social Networks ◽  
Information Leakage ◽  
Personal Data ◽  
Huge Amount ◽  
Sensitive Data ◽  
Social Good ◽  
Face Images ◽  
Adversarial Attack ◽  
Graph Neural Networks ◽  
Family Privacy

Social media has been widely used among billions of people with dramatical participation of new users every day. Among them, social networks maintain the basic social characters and host huge amount of personal data. While protecting user sensitive data is obvious and demanding, information leakage due to adversarial attacks is somehow unavoidable, yet hard to detect. For example, implicit social relation such as family information may be simply exposed by network structure and hosted face images through off-the-shelf graph neural networks (GNN), which will be empirically proved in this paper. To address this issue, in this paper, we propose a novel adversarial attack algorithm for social good. First, we start from conventional visual family understanding problem, and demonstrate that familial information can easily be exposed to attackers by connecting sneak shots to social networks. Second, to protect family privacy on social networks, we propose a novel adversarial attack algorithm that produces both adversarial features and graph under a given budget. Specifically, both features on the node and edges between nodes will be perturbed gradually such that the probe images and its family information can not be identified correctly through conventional GNN. Extensive experiments on a popular visual social dataset have demonstrated that our defense strategy can significantly mitigate the impacts of family information leakage.

PDroid: Detecting Privacy Leakage on Android

2014 ◽  
Vol 556-562 ◽  
pp. 2658-2662 ◽  
Author(s):  
Pu Han Zhang ◽  
Jing Zhe Li ◽  
Shuai Shao ◽  
Peng Wang
Keyword(s):  
Data Flow ◽  
Programming Model ◽  
Flow Analysis ◽  
Prototype System ◽  
Sensitive Information ◽  
Sensitive Data ◽  
Data Flow Analysis ◽  
Call Graph ◽  
Android Apps ◽  
Privacy Leakage

The prevalence of Android makes it face the severe security threats from malicious apps. Many Android malware can steal users’ sensitive data and leak them out. The data flow analysis is a popular technique used to detect privacy leakages by tracking the sensitive information flow statically. In practice, an effective data flow analysis should employ inter-procedure information tracking. However, the Android event-driven programming model brings a challenge to construct the call graph (CG) for a target app. This paper presents a method which employs the inter-procedural and context-sensitive data flow analysis to detect privacy leakage in Android apps. To make the analysis accurate, a flow-sensitive and points-to call target analysis is employed to construct and improve the call graph. A prototype system, called PDroid, has been implemented and applied to some real malware. The experiment shows that our method can effective detect the privacy leakages cross multiple method call instances.

scholarly journals Identification of Information Leakage and Guilt Agent by using MAC-IP Binding and Recursive Partitioning Algorithm to Modulate the Uncertainty in the Organization’s Network

2019 ◽  
Vol 9 (1) ◽  
pp. 4091-4096
Keyword(s):  
Decision Tree ◽  
Recursive Partitioning ◽  
Information Leakage ◽  
Third Party ◽  
Sensitive Information ◽  
Sensitive Data ◽  
The Third ◽  
Partitioning Algorithm ◽  
The Third Party ◽  
Modern Era

In this modern era, all organizations depend on internet and data so, maintaining of all data is done by the third party in large organizations. But in this present on-developing world, one have to share the data inside or outside the organization which incorporates the sensitive data of the venture moreover. Data of the organization have sensitive data which should not share with any others but unfortunately, that data was there in the third party hands so; we need to protect the data and also have to identify the guilt agent. For this, we propose a model that would evaluate and correctly identifies guilt agents, for which a recursive partitioning has been created which is a decision tree that spills data in to the sub partitions and does the easiest way to get alert and at least one specialist or it can autonomously accumulate by some different means. The main intention of the model is to secure sensitive information by recognizing the leakage and distinguish the guilt agent.

scholarly journals Influencing User’s Behavior Concerning Android Privacy Policy: An Overview

2021 ◽  
Vol 2021 ◽  
pp. 1-19
Author(s):  
Ming Di ◽  
Shah Nazir ◽  
Fucheng Deng
Keyword(s):  
User Behavior ◽  
Third Party ◽  
Security And Privacy ◽  
Privacy Policy ◽  
Sensitive Data ◽  
Privacy And Security ◽  
Android Apps ◽  
Search Results ◽  
Privacy Risks ◽  
Work Done

The wide-ranging implementation of Android applications used in various devices, from smartphones to intelligent television, has made it thought-provoking for developers. The permission granting mechanism is one of the defects imposed by the developers. Such assessing of defects does not allow the user to comprehend the implication of privacy for granting permission. Mobile applications are speedily easily reachable to typical users of mobile. Despite possible applications for improving the affordability, availability, and effectiveness of delivering various services, it handles sensitive data and information. Such data and information carry considerable security and privacy risks. Users are usually unaware of how the data can be managed and used. Reusable resources are available in the form of third-party libraries, which are broadly active in android apps. It provides a diversity of functions that deliver privacy and security concerns. Host applications and third-party libraries are run in the same process and share similar permissions. The current study has presented an overview of the existing approaches, methods, and tools used for influencing user behavior concerning android privacy policy. Various prominent libraries were searched, and their search results were analyzed briefly. The search results were presented in diverse perspectives for showing the details of the work done in the area. This will help researchers to offer new solutions in the area of the research.

Sign in / Sign up

Export Citation Format

Share Document