Proposing Automatic Dataset Generation System to Support Android Sensitive Data Leakage Detection Systems
Authors: 
Nguyen Tan Cam, Nghi Hoang Khoa, Le Duc Thinh, Van-Hau Pham, 
Tuan NguyenAuthors Info & Claims
Nguyen Tan Cam, Nghi Hoang Khoa, Le Duc Thinh, Van-Hau Pham, Tuan NguyenAuthors Info & ClaimsPages 78 - 83
Abstract
Android sensitive information leakage datasets studies are still limited. Specifically, DroidBench dataset contains 120 case studies of which only 3 case studies are used for analyzing inter-application data flow. Therefore, increasing the number of case study of Android sensitive information leakage datasets is necessary to contribute to improving the accuracy of the evaluations of related research studies in the future. Besides this, the creation of datasets for the evaluation of systems for analyzing other components of the Android operating system such as Application Framework, Linux Kernel, ... is also necessary. In this paper, we propose a system that allows creation of test cases to assess sensitive information leakage detection systems on devices which are using Android operating systems. This system allows creating datasets containing case studies that cause sensitive data leakage not only in a chain of applications but also in the Application Framework component. Evaluation results show that the proposed system works stably with case studies which have a large number of application chains up to 1000 applications and 20 inter-application communication channels for each application pair.
References
[1]
Gartner. (2018). Gartner Says Worldwide Device Shipments Will Increase 2.1 Percent in 2018. Available: https://www.gartner.com/en/newsroom/press-releases/2018-01-29-gartner-says-worldwide-device-shipments-will-increase-2-point-1-percent-in-2018
[2]
IDC. (2018). Smartphone Market Share. Available: https://www.idc.com/promo/smartphone-market-share/os
[3]
F-Secure. (2014, May). Mobile Threat Report Q1 2014. Available: https://www.f-secure.com/documents/996508/1030743/Mobile_Threat_Report_Q1_2014.pdf
[4]
Semantec. (2015, May). 2015 Internet Security Threat Report, Volume 20 Available: http://www.symantec.com/security_response/publications/threatreport.jsp
[5]
Symantec. (2016). Internet Security Threat Report, VOLUME 21, APRIL 2016. Available: https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
[6]
L. Li, A. Bartel, T. Bissyande, J. Klein, Y. L. Traon, S. Arzt, et al., "IccTA: Detecting Inter-Component Privacy Leaks in Android Apps," presented at the The 37th International Conference on Software Engineering (ICSE), Firenze, Italy, 2015.
[7]
W. Klieber, L. Flynn, A. Bhosale, L. Jia, and L. Bauer, "Android taint flow analysis for app sets," presented at the Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis, Edinburgh, United Kingdom, 2014.
[8]
L. Li, A. Bartel, T. Bissyandé, J. Klein, and Y. Traon, "ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis," in ICT Systems Security and Privacy Protection. vol. 455, H. Federrath and D. Gollmann, Eds., ed: Springer International Publishing, 2015, pp. 513--527.
[9]
C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, et al., "SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications," presented at the Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, Raleigh, North Carolina, USA, 2012.
[10]
A. Feizollah, N. B. Anuar, R. Salleh, G. Suarez-Tangil, and S. Furnell, "Androdialysis: Analysis of android intent effectiveness in malware detection," computers & security, vol. 65, pp. 121--134, 2017.
[11]
F. Liu, H. Cai, G. Wang, D. Yao, K. O. Elish, and B. G. Ryder, "Prioritized Analysis of Inter-App Communication Risks," presented at the Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, Scottsdale, Arizona, USA, 2017.
[12]
Cve. (2019, Jan 15). Common Vulnerabilities and Exposures - Android. Available: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Android
[13]
E. SPRIDE. (2018, March 10). DroidBench -- Benchmarks. Available: http://sseblog.ec-spride.de/tools/droidbench/
[14]
Y. Z. X. Jiang. (2012, Sep 10,). Android Malware Genome Project Available: http://www.malgenomeproject.org/
[15]
K. Allix, T. F. Bissyandé, J. Klein, and Y. Le Traon, "Androzoo: Collecting millions of android apps for the research community," in Mining Software Repositories (MSR), 2016 IEEE/ACM 13th Working Conference on, 2016, pp. 468--471.
[16]
J. Mitra and V.-P. Ranganath, "Ghera: A Repository of Android App Vulnerability Benchmarks," in Proceedings of the 13th International Conference on Predictive Models and Data Analytics in Software Engineering, 2017, pp. 43--52.
[17]
F. Wei, S. Roy, X. Ou, and Robby, "Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps," ACM Trans. Priv. Secur., vol. 21, pp. 1--32, 2018.
[18]
Z. Yuan, Y. Lu, and Y. Xue, "Droiddetector: android malware characterization and detection using deep learning," Tsinghua Science and Technology, vol. 21, pp. 114--123, 2016.
[19]
P. Faruki, V. Laxmi, A. Bharmal, M. S. Gaur, and V. Ganmoor, "AndroSimilar: Robust signature for detecting variants of Android malware," Journal of Information Security and Applications, vol. 22, pp. 66--80, 2015.
[20]
Y. Liu, L. Zhang, and X. Huang, "Using G Features to Improve the Efficiency of Function Call Graph Based Android Malware Detection," Wireless Personal Communications, vol. 103, pp. 2947--2955, 2018.
[21]
J. Blasco and T. M. Chen, "Automated generation of colluding apps for experimental research," Journal of Computer Virology and Hacking Techniques, pp. 1--12, 2018.
[22]
S. Rasthofer, S. Arzt, and E. Bodden, "A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks," 2014.
[23]
N. T. Cam, P. Hau, and T. Nguyen, "Android Security Analysis Based on Inter-application Relationships," in Information Science and Applications (ICISA) 2016, J. K. Kim and N. Joukov, Eds., ed Singapore: Springer Singapore, 2016, pp. 689--700.
[24]
N. T. Cam, V.-H. Pham, and T. Nguyen, "Sensitive data leakage detection in pre-installed applications of custom Android firmware," in 2017 18th IEEE International Conference on Mobile Data Management (MDM), 2017, pp. 340--343.
Index Terms
- Proposing Automatic Dataset Generation System to Support Android Sensitive Data Leakage Detection Systems
Recommendations
Detecting sensitive data leakage via inter-applications on Android using a hybrid analysis technique
AbstractIn this study, we present the uitHyDroid system, which allows the detection of sensitive data leakage via multi-applications using hybrid analysis. uitHyDroid uses static analysis to collect user interface elements that must interact to illuminate ...
Vetting undesirable behaviors in android apps with permission use analysis
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications securityAndroid platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, recent ...
Android's Sensitive Data Leakage Detection Based on API Monitoring
MINES '13: Proceedings of the 2013 Fifth International Conference on Multimedia Information Networking and SecurityDue to the openness of Android, more and more malware has exploded, and constitutes a huge security threat to Android-based smartphones. This paper proposes a mechanism to study sensitive data leakage by analyzing sensitive APIs, decompiles Android APK ...
Comments
Information & Contributors
Information
Published In
April 2019
267 pages
ISBN:9781450361064
DOI:10.1145/3330482
Copyright © 2019 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 19 April 2019
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- This research is funded by University of Information Technology ? Vietnam National University HoChiMinh City under grant number D1-2018-07
Conference
ICCAI '19
ICCAI '19: 2019 5th International Conference on Computing and Artificial Intelligence
April 19 - 22, 2019
Bali, Indonesia
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 94Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Reflects downloads up to 10 Aug 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in