Smartphones, tablets and other mobile devices have become objects that we can no longer do without, as a matter of fact for us they are like an extension of our body and many people are addicted to them; this behavior is a consequence of the use we make of it, since these devices allow us to manage sensitive data (i.e., financial ones) and access information of different types (i.e., photos, messages or health data). For this reason it is essential to detect the harmful behaviors present within our smartphones, taking into account the weaknesses of the current anti-malware mechanisms. In this article we propose an approach capable of discriminating trusted applications from those that instead have malicious behavior, since they are involved in a colluding attack. We resort to the processing of the audio signal extracted from the conversion of an application into an audio file. The processing allows to generate a vector of characteristics to be analyzed with different classifiers. The experimental analysis is performed on a set of Android applications consisting of 359 trusted and (colluding) untrusted applications, showing the effectiveness of our method in detecting colluding applications.
Android collusion detection by means of audio signal analysis with machine learning techniques
Casolare R.;Di Giacomo U.;Mercaldo F.;Santone A.
2021-01-01
Abstract
Smartphones, tablets and other mobile devices have become objects that we can no longer do without, as a matter of fact for us they are like an extension of our body and many people are addicted to them; this behavior is a consequence of the use we make of it, since these devices allow us to manage sensitive data (i.e., financial ones) and access information of different types (i.e., photos, messages or health data). For this reason it is essential to detect the harmful behaviors present within our smartphones, taking into account the weaknesses of the current anti-malware mechanisms. In this article we propose an approach capable of discriminating trusted applications from those that instead have malicious behavior, since they are involved in a colluding attack. We resort to the processing of the audio signal extracted from the conversion of an application into an audio file. The processing allows to generate a vector of characteristics to be analyzed with different classifiers. The experimental analysis is performed on a set of Android applications consisting of 359 trusted and (colluding) untrusted applications, showing the effectiveness of our method in detecting colluding applications.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.