Collusion Attacks Detection Among Android Applications

With the rapid development of mobile Internet,smart phones have become an indispensable part of people's daily life.Android is the most popular operating system in the smartphone market.In Android,applications exchange data through Inter-Component Communication(ICC),which can occur within a single application or among multiple applications.However,the ICC model brings not only convenience to component interaction between applications but also brings security problems.If the communication model is exploited by Android malicious programs,collusion attacks will occur among applications,which will lead to the leakage of user privacy information and bring huge losses and serious troubles to users.Therefore,the security of Android applications has become a very important issue in security research.Among the existing methods for analyzing the security of Android applications,most ones analyze a single application and are not suitable for analyzing collusion attacks among applications.Therefore,in view of the collusion attacks among applications on the Android platform,this paper proposes a method based on static and formal analyses.In this paper,we first preprocess the Android APK file,including decompile the APK file to get the AndroidManifest.xml file and extracting the APK file to get the classes.dex file.Then,based on the results obtained from the preprocessing operation,we carry out a static analysis with the APK file.The AndroidManifest.xml file and the classes.dex file are parsed to obtain ICC information such as components,intents,intent filters and permissions.We perform a static taint analysis on the APK file to get sensitive paths,and integrate the above five kinds of information to get the entity.Finally,a formal analysis is carried out based on the results of static analysis.The formal modeling language Alloy is used to model each entity and the communication process of Android application through intent.Alloy is also used to construct an assertion representing collusion attacks.After that,the Alloy Analyzer is used to detect the assertion and determine whether there is any collusion among applications.Then,the result is visually reported to the user.In order to verify the correctness and effectiveness of the method,a series of experiments have been designed and implemented.The experimental dataset covers 2,000 Android applications,including different categories of applications randomly downloaded from Google Play,the open source application market F-Droid,domestic third-party application market,and MalGenome.The method is evaluated from three aspects of automation,correctness and performance,and is compared with the methods which analysis single application and multiple applications.The final experimental results show the correctness and effectiveness of the collusion attacks detection method among Android applications in this paper.