Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/node/59604' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/node/59604' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences | IIT - CNR - Istituto di Informatica e Telematica
IIT Home Page CNR Home Page

Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences

The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or more applications are installed to perpetrate the malicious behaviour that is split in more than one single application: for this reason anti-malware are not able to detect this attack, considering that they analyze just one application at a time and that the single colluding application does not exhibit any malicious action. In this paper an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes candidate for the collusion, obtained by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in collusion application detection: as a matter of fact an accuracy equal to 0.99 is obtained by evaluating 993 Android applications.

Information, 2020

Autori esterni: Rosangela Casolare (Università degli Studi del Molise, Campobasso, Italia), Antonella Santone (Università degli Studi del Molise, Campobasso, Italia)
Autori IIT:

Tipo: Contributo in rivista ISI
Area di disciplina: Computer Science & Engineering

File: information-11-00304-v2 (3).pdf

Attività: Metodi formali per la sicurezza di sistemi ICT
Sicurezza di dispositivi mobili