SIAT: A Systematic Inter-Component Communication Analysis Technology for Detecting Threats on Android

by Yupeng Hu, et al.

In this paper, we present the design and implementation of a Systematic Inter-Component Communication Analysis Technology (SIAT) consisting of two key modules: Monitor and Analyzer. As an extension to the Android operating system at the framework layer, the Monitor makes the first attempt to revise the taint tag approach of TaintDroid at both the method level and the file level, and to apply it to identifying app-pair ICC paths through system-wide tracing and analysis of taint in intents, in both data flow and control flow. Taking the taint logs produced by the Monitor as input, the Analyzer builds accurate and integrated ICC models, which are used to identify specific threat models with detection algorithms and predefined rules. We also employ a model deflation technology to improve the efficiency of the Analyzer. We implement SIAT on the Android Open Source Project and evaluate its performance through extensive experiments on well-known datasets and real-world apps. The experimental results show that, compared to state-of-the-art approaches, SIAT achieves about 25%∼200% accuracy improvements with 1.0 precision and 0.98 recall at the cost of negligible runtime overhead. Moreover, SIAT identifies two undisclosed cases of bypassing that prior technologies cannot detect, as well as quite a few malicious ICC threats in real-world apps with many downloads on the Google Play market.



