
The Research Of Android Privilege Escalation Attack Detecting Techniques

Posted on: 2014-02-02
Degree: Master
Type: Thesis
Country: China
Candidate: C Xu
GTID: 2268330395489015
Subject: Computer technology
Abstract/Summary:
In recent years, with the rapid development of the mobile Internet, smartphones have grown popular and have taken the place of the computer as the leading device connected to the Internet. Among them, smartphones running Android, which is based on the Linux kernel, have developed most rapidly. The smartphone application market is also prospering, but the security issues caused by malware are increasingly serious. As the first open source mobile operating system, Android's openness has brought serious security risks, such as malicious chargeback, privacy theft and system damage, which cause users great loss. Research on the Android security mechanism and on malware detection technology therefore has very important practical significance.

This paper analyzed the system architecture and security mechanism of the Android platform, elaborated the privilege escalation attack model using the action execution deputy attack and the privacy theft deputy attack as examples, and identified the deficiencies of the Android platform's security mechanism along with suggestions for improving it. By comparing existing malware detection techniques for the Android platform and analyzing their shortcomings in detecting privilege escalation attacks, this paper built on the latest capability leak path detection idea, added support for dynamically registered components, and added more safety rules. It then carried out the system design, implementation and verification of a privilege escalation attack detection program.

The detection system is divided into three modules: the Android application reverse engineering module, the risk components detection module and the capability leak path detection module. The Android application reverse engineering module generates the configuration file and source code by decompiling the Android application. The risk components detection module parses the configuration file and analyzes the components at risk of privilege escalation attack. The capability leak path detection module analyzes the source code by lexical analysis and syntax analysis and generates an abstract syntax tree to find the key APIs and the flow of sensitive data, in order to detect a privilege escalation attack path. Finally, this paper tested the detection system on samples. For the security vulnerabilities behind the action execution deputy attack and the privacy theft deputy attack, the results were validated by manual analysis and by writing malicious code that performs a privilege escalation attack by exploiting the vulnerability.
Keywords/Search Tags: Android, Security Mechanism, Malware Detection, Privilege Escalation Attacks
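The risk components detection step described in the abstract can be illustrated with the following added example, which is not code from the thesis. It assumes a decoded `AndroidManifest.xml` and one rule the abstract does not spell out: a component is flagged when it is reachable by other apps and not protected by a permission. The sample manifest and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample of a decoded manifest, as a decompilation step would produce it.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".MainActivity" android:exported="false"/>
    <service android:name=".SmsService">
      <intent-filter><action android:name="com.example.demo.SEND"/></intent-filter>
    </service>
    <receiver android:name=".SyncReceiver" android:exported="true"
              android:permission="com.example.demo.SYNC"/>
    <provider android:name=".ContactsCache" android:exported="true"
              android:authorities="com.example.demo.cache"/>
  </application>
</manifest>"""

def is_exported(elem):
    """Explicit android:exported wins; otherwise assume the older platform
    default, where declaring an intent-filter makes the component exported."""
    flag = elem.get(ANDROID + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return elem.find("intent-filter") is not None

def find_risk_components(manifest_xml):
    """Return (permissions the app holds, exported components with no permission guard)."""
    root = ET.fromstring(manifest_xml)
    held = sorted(p.get(ANDROID + "name") for p in root.iter("uses-permission"))
    app = root.find("application")
    risky = []
    for elem in (app if app is not None else []):
        if elem.tag not in COMPONENT_TAGS or not is_exported(elem):
            continue
        # A component-level permission overrides the application-level default.
        guard = elem.get(ANDROID + "permission") or app.get(ANDROID + "permission")
        if elem.tag == "provider":  # guarded only if both read and write are protected
            guard = guard or (elem.get(ANDROID + "readPermission")
                              and elem.get(ANDROID + "writePermission"))
        if not guard:
            risky.append((elem.tag, elem.get(ANDROID + "name")))
    return held, risky

if __name__ == "__main__":
    held, risky = find_risk_components(SAMPLE_MANIFEST)
    print("permissions held:", held)
    for kind, name in risky:
        print("unguarded exported", kind + ":", name)
```

A flagged component is only a candidate: whether it actually leaks one of the held permissions depends on the source-level path analysis the abstract assigns to the capability leak path detection module.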