Yesterday, we published a paper (that was presented at VB2016) on Android app collusions: the situation in which two or more apps work together to exfiltrate data from a device using the combined permissions of each app.
Today, we publish a follow-up paper by the same (in fact, slightly larger) group of researchers, affiliated with various UK universities and companies. In it, they describe their method of using machine learning techniques to make the tricky distinction between malicious app collusion and benign app collaboration.
Collusions tend to be difficult to detect, as each app individually will appear benign to most analysis tools. Careful study is therefore required of a collection of apps as a whole, something which scales very poorly for human analysts. As collusion may have (malicious) applications beyond Android apps, the approach may have more general applications too.