TY - GEN
T1 - Detecting Android Side Channel Probing Attacks Based on System States
AU - Lin, Qixiao
AU - Mao, Jian
AU - Shi, Futian
AU - Zhu, Shishi
AU - Liang, Zhenkai
N1 - Publisher Copyright: © 2019, Springer Nature Switzerland AG.
PY - 2019
Y1 - 2019
AB - Side channels are actively exploited by attackers to infer users’ private information from publicly available information on Android devices, where attackers probe the states of system components (e.g., CPU and memory), APIs, and device sensors (e.g., gyroscope and microphone). This information can be accessed by applications without any additional permission. As a result, traditional permission-based solutions cannot efficiently prevent or detect these probing attacks. In this paper, we systematically analyze Android side-channel probing attacks and observe that the high-frequency collection of sensitive data by a malicious app causes continuous changes in its process states. Based on this observation, we propose SideGuard, a process-state-based approach to detect side-channel probing attacks. It monitors the process states of applications and creates corresponding behavior models described by feature vectors. Based on the application behavior models, we train classifiers to detect malicious app behaviors using learning-based classification techniques. We prototyped and evaluated our approach. The experimental results demonstrate the effectiveness of our approach.
KW - Android system state
KW - Application behavior model
KW - Side-channel attack
KW - Supervised learning
UR - https://www.scopus.com/pages/publications/85068315605
U2 - 10.1007/978-3-030-23597-0_16
DO - 10.1007/978-3-030-23597-0_16
M3 - Conference contribution
AN - SCOPUS:85068315605
SN - 9783030235963
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 201
EP - 212
BT - Wireless Algorithms, Systems, and Applications - 14th International Conference, WASA 2019, Proceedings
A2 - Biagioni, Edoardo S.
A2 - Zheng, Yao
A2 - Cheng, Siyao
PB - Springer Verlag
T2 - 14th International Conference on Wireless Algorithms, Systems, and Applications, WASA 2019
Y2 - 24 June 2019 through 26 June 2019
ER -