App Collusion Detection (ACID)

Lead Research Organisation: Swansea University
Department Name: College of Science

Abstract

Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.

 
Description The objective of the grant is to develop software that will support companies such as Intel Security in protecting mobile phones from fraud. The investigator team has some running prototypes for fraud detection.
Exploitation Route We are working together with Intel Security on the integration of our prototypes into their fraud detection systems.
Sectors Digital/Communication/Information Technologies (including Software)

URL http://www.cs.swansea.ac.uk/~csmarkus/ACID/
 
Description As of September 2017, an app collusion filter from the ACID project is running as part of McAfee's global threat monitoring system on a permanent basis. McAfee's mobile security app currently protects over 100 million users against the latest cyber threats.
First Year Of Impact 2017
Sector Digital/Communication/Information Technologies (including Software)
Impact Types Economic

 
Description Visit to McAfee 
Organisation McAfee
Country United States 
Sector Private 
PI Contribution Swansea University made a research visit to the McAfee labs in order to deploy software that is able to detect app collusion potential.
Collaborator Contribution McAfee evaluated the software and discussed with us how its quality could be improved by adding elements of dynamic analysis that they have developed.
Impact Warnings about the possibility of app collusion appeared as early as 2011. However, industry had no detection mechanisms. Thus, McAfee invited us to collaborate on the development of detection tools. The filter we developed was the first to detect app collusion in the wild and was adopted by McAfee: "After deployment in September 2017, this app collusion filter is now up and running as part of McAfee's global threat monitoring system on a permanent basis" (letter to Markus Roggenbach by Irfan Asrar, McAfee, September 2017).
Start Year 2017
 
Title Software for collusion detection 
Description This program implements a first approximation to detect app collusion utilising Logic Programming in Prolog. Its goal is to serve as a fast, computationally cheap filter that detects potentially colluding apps. It (1) uses Androguard to extract facts about the communication channels and permissions of each individual app in a given app set S; (2) abstracts these facts into an over-approximation of the actions and communication channels that a single app could use; and (3) finally fires the collusion rules if the proper combinations of actions and communications are found in S.
Type Of Technology Software 
Year Produced 2016 
Open Source License? Yes  
Impact As this product has only been released recently, there is no impact yet. However, using this software we have been able to detect what we think is the first example of collusion in the wild.
URL https://github.com/acidrepo/collusion_potential_detector
 
Title Software for model-checking for collusion 
Description The tool Kandroid allows Android applications to be checked for collusion.
Type Of Technology Software 
Year Produced 2016 
Open Source License? Yes  
Impact Kandroid is an implementation of Android/Smali code semantics in the K framework, supported by the ACID project. The aim of Kandroid is to provide a formal-methods-based platform to detect colluding Android applications. There are two implementations: concrete and abstract. The concrete version implements the semantics of Smali instructions as specified on the Android Project website. In contrast, the abstract one focuses on capturing the data flow required to decide if collusion happens. Here, the concrete semantics serves as a point of reference, in order to control the abstraction.
URL http://www.cs.swansea.ac.uk/~csmarkus/ProcessesAndData/androidsmali-semantics-k
 
Description Cyber Security in Welsh Public Private Partnerships 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact Cyber Security in Welsh Public-Private Partnerships took place during European Cyber Security Month.

Every October, the campaign aims to promote cyber security among citizens and hopes to change the perception of cyber attacks by promoting information security, education, and the sharing of good practices.

The event consisted of a cyber security networking fayre in the morning and a series of presentations from guest speakers in the afternoon.
The fayre facilitated informal discussions around current cyber security issues, with the afternoon's presentations each offering a different perspective on public-private partnership in the field of cyber security, from policy-making, research, law enforcement, higher education, industry, and small-medium enterprises.

My contribution was to be one of the guest speakers, addressing the topic of Cyber Security in Education.
Year(s) Of Engagement Activity 2015
URL http://www.swansea.ac.uk/media-centre/news-archive/2015/eventpromotescybersecuritytowelshpublic-priv...
 
Description Presentation at the 2016 international CARO workshop 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Irina Asavoae and Igor Muttik gave a presentation, "Android malware: they divide, we conquer", on the Swansea research at the international CARO Workshop.

CARO (Computer Antivirus Research Organization) is an international organization that was established in 1990 to research and study malware.
Year(s) Of Engagement Activity 2016
URL http://2016.caro.org