Tapjacking Threats and Mitigation Techniques for Android Applications
作者: Vanessa Cooper
DOI:
关键词: Malware 、 Laptop 、 Web application 、 Mobile device 、 End user 、 Android (operating system) 、 Web page 、 Engineering 、 Computer security 、 Clickjacking
摘要: With the increased dependency on web applications through mobile devices, malicious attack techniques have now shifted from traditional running desktop or laptop (allowing mouse click-based interactions) to devices touch-based interactions). Clickjacking is a type of originating in applications, where victims are lured click seemingly benign objects pages. However, when clicked, unintended actions performed without user’s knowledge. In particular, it shown that users touch an object application triggering not actually intended by victims. This new form clickjacking called tapjacking. Much research work has focused developing mitigation level issue. none thoroughly investigated attacks and due tapjacking devices. this thesis, we identify coding practices can be helpful for software practitioners avoid define detection prevent consequence end users. We first find out falls within broader literature malware, particular Android malware. direction, propose classification Then, novel technique based Kullback-Leibler Divergence (KLD) possible behavior applications. validate approach with set android also implemented prototype tool detecting symptom using KLD measurement. The evaluation results show detected effectively KLD. thesis organized following format: survey techniques, discussion our proposed KLD-Based approach, implementation.
参考文章(24)
Brigitte Bigi, Using Kullback-Leibler Distance for Text Categorization Lecture Notes in Computer Science. ,vol. 2633, pp. 305- 319 ,(2003) , 10.1007/3-540-36618-0_22
Damien Octeau, William Enck, Patrick McDaniel, Swarat Chaudhuri, A study of android application security usenix security symposium. pp. 21- 21 ,(2011)
Adrienne Porter Felt, Kate Greenwood, David Wagner, The effectiveness of application permissions usenix conference on web application development. pp. 7- 7 ,(2011)
Vanessa N. Cooper, Hossain Shahriar, Hisham M. Haddad, A Survey of Android Malware Characterisitics and Mitigation Techniques international conference on information technology: new generations. pp. 327- 332 ,(2014) , 10.1109/ITNG.2014.71
Chao Yang, Vinod Yegneswaran, Phillip Porras, Guofei Gu, Detecting money-stealing apps in alternative Android markets Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12. pp. 1034- 1036 ,(2012) , 10.1145/2382196.2382316
Leonid Batyuk, Markus Herpich, Seyit Ahmet Camtepe, Karsten Raddatz, Aubrey-Derrick Schmidt, Sahin Albayrak, Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications international conference on malicious and unwanted software. pp. 66- 72 ,(2011) , 10.1109/MALWARE.2011.6112328
Juan E. Tapiador, John A. Clark, Information-Theoretic Detection of Masquerade Mimicry Attacks 2010 Fourth International Conference on Network and System Security. pp. 183- 190 ,(2010) , 10.1109/NSS.2010.55
David Barrera, H. G üne ş Kayacik, Paul C. van Oorschot, Anil Somayaji, A methodology for empirical analysis of permission-based security models and its application to android Proceedings of the 17th ACM conference on Computer and communications security - CCS '10. pp. 73- 84 ,(2010) , 10.1145/1866307.1866317
Guorui Li, Ying Wang, Differential Kullback-Leibler Divergence Based Anomaly Detection Scheme in Sensor Networks computer and information technology. pp. 966- 970 ,(2012) , 10.1109/CIT.2012.197
A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, C. Glezer, Google Android: A Comprehensive Security Assessment ieee symposium on security and privacy. ,vol. 8, pp. 35- 44 ,(2010) , 10.1109/MSP.2010.2