Analysis and Detection of Android App Privilege Escalation Vulnerability Based on Machine Learning
Android is currently playing an important role in smartphone operating systems. However, there are potential risks hidden in Android applications. One of them is application vulnerability, which can put users’ information in danger. In this paper, we investigate the machine learning techniques in identify one of the most common application vulnerabilities—privilege escalation vulnerability (referred as PE vulnerability). We propose a machine learning system for detecting PE vulnerability. Our method is component-based detection, which means a more granular method. In this way, we can not only identify App with problems, but also locate component with loopholes. We first analyze the principle of PE vulnerability’s formation process, and then propose an EMPC model according to key elements in the process. The model is used to select features in the following steps. Second, we apply machine learning techniques to build a classification model to classify samples. Seven classification algorithms are applied. The experiment results show that our method is feasible in detecting PE vulnerability in component-degree.
KeywordsAndroid app vulnerability Vulnerability model Machine learning
This work was supported by National Natural Science Foundation of China (No. U1536121, 61370195).
- 1.FreeBuf Report. http://www.freebuf.com/articles/paper/137072.html. Accessed June 2017
- 2.Maiorca, D., Mercaldo, F., Giacinto, G., et al.: R-packdroid: API package-based characterization and detection of mobile ransomware. In: Symposium on Applied Computing, pp. 1718–1723. ACM (2017)Google Scholar
- 3.Chen, S., Xue, M., Tang, Z., et al.: Stormdroid: a streaminglized machine learning-based system for detecting android malware, pp. 377–388 (2016)Google Scholar
- 4.Dimjašević, M., Atzeni, S., Ugrina, I., et al.: Evaluation of android malware detection based on system calls, pp. 1–8 (2016)Google Scholar
- 5.Chen, X., Peng, X., Li, J.-B., Peng, Y.: Overview of deep kernel learning based techniques and applications. J. Netw. Intell. 1(3), 83–98 (2016)Google Scholar
- 6.Grieco, G., Grinblat, G.L., Uzal, L., et al.: Toward large-scale vulnerability discovery using machine learning, pp. 85–96 (2016)Google Scholar
- 7.Younis, A., Malaiya, Y.K., Anderson, C., et al.: To fear or not to fear that is the question: code characteristics of a vulnerable function with an existing exploit. In: Conference on Data & Applications Security & Privacy, pp. 97–104. ACM (2016)Google Scholar
- 8.Gruver, B.: Smali: An assembler/disassembler for Android’s dex, July 2015. https://code.google.com/p/smali/