Abstract: In the Android ecosystem, adversaries often evade current malware detection by distributing malicious and sensitive functions across different apps. These apps then collude to carry out malicious activities, such as illegally collecting the user’s sensitive data. To better understand the harm of app collusion, we conduct a real-world study. Besides the simple two-app collusion case, which has been well studied, there are more complicated collusion cases that have seldom been studied but greatly endanger users’ privacy. These cases can be categorized into N-to-1 collusion, 1-to-N collusion, and chain-based collusion. To deal with such complicated collusion attacks and detect the hidden partners, a detection framework, CSCdroid, is proposed. CSCdroid obtains sensitive data flows and static features such as ICC (Inter-Component Communication) channels in apps through static analysis, then detects potential colluding apps by data flow linking. To show the effectiveness of CSCdroid, we apply it to the app dataset provided by DroidBench, where its F1 score reaches 0.91, which is better than the existing tools Amandroid and DIALDroid. We also run CSCdroid on a real-world dataset of 4,100 apps, and the results show that 73 apps leak the user’s sensitive data. Some of these 73 apps present complex collusion scenarios with other apps. Such scenarios can aggregate sensitive information within a single app, posing a significant threat to user privacy.
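The data flow linking step described in the abstract can be sketched as follows. This is an added illustration, not CSCdroid's implementation: the app names, the per-app flow-summary format and the pattern definitions (N-to-1 as several senders feeding one receiver, 1-to-N as one sender feeding several receivers, chain as an app that both receives and forwards tainted data) are assumptions.

```python
from collections import defaultdict

# Constructed per-app flow summaries, in an assumed (origin, destination) format:
# "src:" = sensitive source, "sink:" = data sink, "icc:" = intent action (channel).
FLOWS = {
    "com.example.gps":      [("src:LOCATION", "icc:ACT_A")],
    "com.example.contacts": [("src:CONTACTS", "icc:ACT_A")],
    "com.example.relay":    [("icc:ACT_A", "icc:ACT_B")],
    "com.example.uploader": [("icc:ACT_B", "sink:NETWORK")],
    "com.example.logger":   [("icc:ACT_B", "sink:LOG")],
    "com.example.benign":   [("icc:ACT_C", "sink:NETWORK")],  # channel never tainted
}

def link_flows(flows):
    """Propagate taint over ICC channels to a fixpoint; return (edges, leaks)."""
    tainted = defaultdict(set)  # channel -> source labels it carries
    senders = defaultdict(set)  # channel -> apps writing tainted data to it
    edges, leaks = set(), set()
    changed = True
    while changed:
        changed = False
        for app, app_flows in flows.items():
            for origin, dest in app_flows:
                if origin.startswith("src:"):
                    carried = {origin[4:]}
                else:
                    carried = set(tainted[origin])
                    edges |= {(s, app, origin) for s in senders[origin] if s != app}
                if not carried:
                    continue
                if dest.startswith("sink:"):
                    leaks |= {(app, dest[5:], src) for src in carried}
                elif not carried <= tainted[dest] or app not in senders[dest]:
                    tainted[dest] |= carried
                    senders[dest].add(app)
                    changed = True
    return edges, leaks

def classify(edges):
    """Group linked apps into the three collusion shapes (assumed definitions)."""
    inbound, outbound = defaultdict(set), defaultdict(set)
    for sender, receiver, _ in edges:
        inbound[receiver].add(sender)
        outbound[sender].add(receiver)
    return {
        "n_to_1": {r: sorted(s) for r, s in inbound.items() if len(s) > 1},
        "1_to_n": {s: sorted(r) for s, r in outbound.items() if len(r) > 1},
        "chain": sorted(a for a in inbound if a in outbound),  # mid-chain relays
    }
```

In the constructed data, the uploader and logger apps never touch a sensitive source themselves; the leak only becomes visible once the flows of all five apps are linked.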
External IDs: dblp:conf/trustcom/GuanDWYL24