Experimenting Similarity-Based Hijacking Attacks Detection and Response in Android Systems

  • Anis Bkakria
  • Mariem Graa
  • Nora Cuppens-Boulahia
  • Frédéric Cuppens
  • Jean-Louis Lanet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10717)


A hacker can launch hijacking attacks in Android systems to steal the personal information of a targeted user. The hacker stealthily injects into the foreground, at the right moment, a hijacking Activity that is indistinguishable from the legitimate user interface. Hijacking attacks take advantage of the user's trust that this interface is real, which gives the hacker a chance to acquire the user's private information. In this paper, we compare the user interface similarity between victim and hacking activities. Our approach has proved effective in detecting Activity hijacking attacks with reasonable performance overhead and number of false positives. In the worst case, our solution generates 4.2% false positives and incurs only \(0.39\%\) performance overhead on a CPU-bound micro-benchmark.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Anis Bkakria (1)
  • Mariem Graa (1)
  • Nora Cuppens-Boulahia (1)
  • Frédéric Cuppens (1)
  • Jean-Louis Lanet (2)

  1. IMT Atlantique, Cesson Sévigné, France
  2. Campus de Beaulieu, Rennes, France
