
Research Of An Association Analysis Based Detection System For Android Permission Abuse Attacks

Posted on: 2017-04-22
Degree: Master
Type: Thesis
Country: China
Candidate: H W Chen
GTID: 2308330485451831
Subject: Computer application technology

Abstract/Summary:
With the prevalence of mobile devices, the Android operating system has achieved great success thanks to its excellent performance. However, Android has also become the target of many malicious applications. To restrict the behavior of applications, Android includes a permission mechanism. This mechanism is flawed: once a permission is granted, the app can use it regardless of the user's intentions, which may result in the disclosure of users' personal information. This is called a permission abuse attack, and it has become a research focus in Android security.

To address the detection of permission abuse attacks, the technical background of the Android system is introduced first, with emphasis on the Android permission mechanism and its flaws. Then traditional software analysis techniques (both static and dynamic) are introduced, and their limitations in detecting permission abuse attacks are analyzed.

In view of these limitations and the characteristics of Android permission abuse attacks, the research work consists of two parts.

First, we studied the basic principles of Android permission abuse attacks and the core idea for detecting them. The behaviors of benign applications are mostly triggered by the user, so software behaviors are highly related to user operations. In applications that contain permission abuse behaviors, however, the relation between software behaviors and user operations is rather low. Permission abuse attacks can be detected using this relation.

Second, the DroidDect system is designed and implemented. DroidDect is based on a dynamic detection method and association analysis. Two kinds of data are collected by customizing the Android system source code: application behavior data and user GUI operation data. After collecting these data, DroidDect calculates the confidence between them based on association analysis. The confidence threshold was obtained by testing benign applications. Detection results are obtained by comparing the confidence of the application under test with the confidence threshold.

Finally, the DroidDect system is evaluated through experiments. The results show a large gap between the confidence of benign applications and that of apps containing permission abuse attack code. Certain types of permission abuse attacks (Record, Camera, Sensor and Location) can be effectively detected by DroidDect by comparing the confidence gap. Additionally, the performance test results show that the overhead of DroidDect is slight.
Keywords/Search Tags:Android, permission abuse attacks, association analysis, detection system
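
The confidence comparison described in the abstract, as an added example that is not DroidDect's code: it scores how often a permission-guarded behavior is preceded by a user GUI operation and flags traces that fall below a threshold. The 2-second window, the 0.6 threshold, the trace format and the sample traces are assumptions; the abstract does not give the thesis's exact confidence definition.

```python
from bisect import bisect_right

# Constructed sample traces (not data from the thesis). Times are in seconds.
# gui_ops: user GUI operation timestamps; behaviors: (time, permission used).
BENIGN = {
    "gui_ops": [1.0, 5.2, 9.8, 14.1],
    "behaviors": [(1.3, "CAMERA"), (5.5, "RECORD"),
                  (10.0, "LOCATION"), (30.0, "LOCATION")],
}
ABUSIVE = {
    "gui_ops": [1.0, 5.2],
    "behaviors": [(1.4, "LOCATION"), (20.0, "RECORD"), (40.0, "RECORD"),
                  (60.0, "CAMERA"), (80.0, "LOCATION")],
}

WINDOW = 2.0     # assumption: a GUI op within 2 s before a behavior "explains" it
THRESHOLD = 0.6  # assumption: stands in for a threshold learned from benign apps


def confidence(trace, window=WINDOW):
    """Confidence of the rule: sensitive behavior => recent user GUI operation.

    confidence = (behaviors preceded by a GUI op within `window`) / (behaviors).
    Returns None if the trace has no sensitive behavior (rule has no support).
    """
    ops = sorted(trace["gui_ops"])
    behaviors = trace["behaviors"]
    if not behaviors:
        return None
    matched = 0
    for t, _perm in behaviors:
        i = bisect_right(ops, t)  # ops[:i] happened at or before t
        if i and t - ops[i - 1] <= window:
            matched += 1
    return matched / len(behaviors)


def classify(trace, threshold=THRESHOLD, window=WINDOW):
    """Flag a trace whose confidence falls below the threshold."""
    conf = confidence(trace, window)
    if conf is None:
        return "no-data"
    return "suspicious" if conf < threshold else "benign"


if __name__ == "__main__":
    for name, trace in (("benign", BENIGN), ("abusive", ABUSIVE)):
        print(name, confidence(trace), classify(trace))
```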