System Signals Monitoring and Processing for Colluded Application Attacks Detection in Android OS

Abstract

This paper investigates a novel colluded application attack's influence on the system's technological signals of an Android OS smartphone. This attack requires two or more applications to collaborate in order to bypass permission restriction mechanisms and leak private data. We implement this attack on a real stock Android OS smartphone and record such technological signals as overall memory consumption, CPU utilization, and CPU frequency. These recordings are studied in order to investigate the feasibility of their employment in building the attack classifiers. In developing those classifiers, we employed various machine learning techniques processing these technological signals. Such machine learning techniques as a feed-forward and long-short term memory neural networks were investigated and compared against each other. The results achieved are presented and analyzed.