Journal article. International Journal of Computer Systems Science & Engineering. Year: 2017

Detecting Local Covert Channels Using Process Activity Correlation on Android Smartphones

Abstract

Modern malware threats utilize many advanced techniques to increase their stealthiness. To this aim, information hiding is becoming one of the preferred approaches, especially to exfiltrate data. However, in the case of smartphones, covert communications are primarily used to bypass the security framework of the device. The most relevant case is when two "colluding applications" cooperate to elude the security policies enforced by the underlying OS. Unfortunately, detecting this type of malware is a challenging task as well as a poorly generalizable process. In this paper, we propose a method for the detection of malware exploiting colluding applications. In more detail, we analyze the correlation of processes to spot the unknown pair covertly exchanging information. Experimental results collected on an Android device showcase the effectiveness of the approach, especially to detect low-attention-raising covert channels, i.e., those active when the user is not operating the smartphone.
File not deposited

Dates and versions

hal-01302828, version 1 (15-04-2016)

Identifiers

  • HAL Id: hal-01302828, version 1

Cite

Marcin Urbanski, Wojciech Mazurczyk, Jean-François Lalande, Luca Caviglione. Detecting Local Covert Channels Using Process Activity Correlation on Android Smartphones. International Journal of Computer Systems Science & Engineering, 2017, 32 (2), pp.71-80. ⟨hal-01302828⟩
218 views
0 downloads
