Preventing Collusion Attack in Android

Preventing Collusion Attack in Android

Iman Kashefi1, Maryam Kassiri2, and Mazleena Salleh1

1Faculty of Computing, Universiti Teknologi Malaysia, Malaysia

2Faculty of Computer Engineering, Islamic Azad University, Iran

Abstract: Globally, the number of Smartphone users has risen above a billion, and most of users use them to do their day-today activities. Therefore, the security of smartphones turns to a great concern. Recently, Android as the most popular smartphone platform has been targeted by the attackers. Many severe attacks to Android are caused by malicious applications which acquire excessive privileges at install time. Moreover some applications are able to collude together in order to increase their privileges by sharing their permissions. This paper proposes a mechanism for preventing this kind of collusion attack on Android by detecting the applications which are able to share their acquired permissions. By applying the proposed mechanism on a set of 290 applications downloaded from the Android official market, Google Play, the number of detected applications which potentially are able to conduct malicious activities increased by 12.90% in compare to the existing detection mechanism. Results showed that there were 4 applications among the detected applications which were able to collude together in order to acquire excessive privileges and were totally ignored by the existing method.

 

Keywords: Android security, collusion attacks, colluding applications, over-privileged applications.

 

Received July 19, 2012; accepted September 27, 2012

Full Text

 

  
Read 1973 times Last modified on Sunday, 19 August 2018 06:10
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…