基于异常的android mediasserver漏洞探索性分析与检测

Guillermo Suarez-Tangil, Santanu Kumar Dash, P. García-Teodoro, J. Camacho, L. Cavallaro
{"title":"基于异常的android mediasserver漏洞探索性分析与检测","authors":"Guillermo Suarez-Tangil, Santanu Kumar Dash, P. García-Teodoro, J. Camacho, L. Cavallaro","doi":"10.1049/iet-ifs.2017.0460","DOIUrl":null,"url":null,"abstract":"Smartphone platforms are becoming increasingly complex, which gives way to software vulnerabilities difficult to identify and that might allow malware developers to gain unauthorised privileges through technical exploitation. However, the authors maintain that these types of attacks indirectly renders a number of unexpected behaviours in the system that can be profiled. In this work, the authors present CoME\n, an anomaly-based methodology aiming at detecting software exploitation in Android systems. CoME\n models the normal behaviour of a given software component or service and it is capable of identifying any unanticipated behaviour. To this end, they first monitor the normal operation of a given exploitable component through lightweight virtual introspection. Then, they use a multivariate analysis approach to estimate the normality model and detect anomalies. They evaluate their system against one of the most critical vulnerable and widely exploited services in Android, i.e. the mediaserver. Results show that the proposed approach can not only provide a meaningful explanatory of discriminant features for illegitimate activities, but can also be used to accurately detect malicious software exploitations at runtime.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"4 1","pages":"404-413"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Anomaly-based exploratory analysis and detection of exploits in android mediaserver\",\"authors\":\"Guillermo Suarez-Tangil, Santanu Kumar Dash, P. García-Teodoro, J. Camacho, L. Cavallaro\",\"doi\":\"10.1049/iet-ifs.2017.0460\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Smartphone platforms are becoming increasingly complex, which gives way to software vulnerabilities difficult to identify and that might allow malware developers to gain unauthorised privileges through technical exploitation. However, the authors maintain that these types of attacks indirectly renders a number of unexpected behaviours in the system that can be profiled. In this work, the authors present CoME\\n, an anomaly-based methodology aiming at detecting software exploitation in Android systems. CoME\\n models the normal behaviour of a given software component or service and it is capable of identifying any unanticipated behaviour. To this end, they first monitor the normal operation of a given exploitable component through lightweight virtual introspection. Then, they use a multivariate analysis approach to estimate the normality model and detect anomalies. They evaluate their system against one of the most critical vulnerable and widely exploited services in Android, i.e. the mediaserver. Results show that the proposed approach can not only provide a meaningful explanatory of discriminant features for illegitimate activities, but can also be used to accurately detect malicious software exploitations at runtime.\",\"PeriodicalId\":13305,\"journal\":{\"name\":\"IET Inf. Secur.\",\"volume\":\"4 1\",\"pages\":\"404-413\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-04-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Inf. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1049/iet-ifs.2017.0460\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1049/iet-ifs.2017.0460","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

摘要

智能手机平台正变得越来越复杂,这给难以识别的软件漏洞让路,这可能使恶意软件开发人员通过技术利用获得未经授权的特权。然而,作者坚持认为,这些类型的攻击间接地在系统中呈现了许多可以被分析的意外行为。在这项工作中,作者提出了CoME,一种基于异常的方法,旨在检测Android系统中的软件利用。CoME为给定软件组件或服务的正常行为建模,并且能够识别任何意外行为。为此,它们首先通过轻量级虚拟自省监视给定可利用组件的正常操作。然后,他们使用多变量分析方法来估计正态性模型并检测异常。他们针对Android中最脆弱和被广泛利用的服务之一(即mediaserver)来评估他们的系统。结果表明,该方法不仅可以对非法活动的判别特征提供有意义的解释,而且可以用于在运行时准确检测恶意软件利用。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Anomaly-based exploratory analysis and detection of exploits in android mediaserver
Smartphone platforms are becoming increasingly complex, which gives way to software vulnerabilities difficult to identify and that might allow malware developers to gain unauthorised privileges through technical exploitation. However, the authors maintain that these types of attacks indirectly renders a number of unexpected behaviours in the system that can be profiled. In this work, the authors present CoME , an anomaly-based methodology aiming at detecting software exploitation in Android systems. CoME models the normal behaviour of a given software component or service and it is capable of identifying any unanticipated behaviour. To this end, they first monitor the normal operation of a given exploitable component through lightweight virtual introspection. Then, they use a multivariate analysis approach to estimate the normality model and detect anomalies. They evaluate their system against one of the most critical vulnerable and widely exploited services in Android, i.e. the mediaserver. Results show that the proposed approach can not only provide a meaningful explanatory of discriminant features for illegitimate activities, but can also be used to accurately detect malicious software exploitations at runtime.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信