2018, Shweta Bhandari’s dissertation

Full text of the dissertation.

Abstract. With almost universal digital convergence, mobile devices provide an attractive attack surface for cyber thieves, as the devices hold personal details and have potential capabilities for eavesdropping. Android is the most popular mobile operating system and hence is the target of malicious hackers who use Android apps as a tool to gain access to private information. Academic researchers and commercial anti-malware companies are working vigorously to detect malicious apps by proposing detection tools. These tools fail when malicious behavior is scattered across more than one app. Also, the Android framework is not designed to protect the information that is going outside an app. In such a scenario, an individual app shall appear benign whereas it may leak private information in the presence of another specific app(s). This phenomenon of intentional data leakage is termed collusion, and the apps involved are termed colluding apps. In this thesis, we design and develop collusion analysis and detection techniques for Android malware. We also propose a formal-methods-based analysis for the detection of maliciousness causing inter-app information leakage. Currently, there is no standard app dataset available to verify the efficacy and scalability of methods dealing with collusion detection. Therefore, we developed 64 wide-ranging apps exhibiting collusion as our benchmark dataset, now available as open source. We have also formally defined Dangerous Permissions, Sensitive API Calls, Inter-Component Communication Methods and a Resource-Permission Map function, which are further used to define Communication, Communication Path, Sensitive Communication Path and Application Collusion.