DINA: Detecting Hidden Android Inter-App Communication in Dynamic Loaded Code

Mohannad Alhanahnah, Qiben Yan, Hamid Bagheri, Hao Zhou, Yutaka Tsutano, Witawas Srisa-An, Xiapu Luo

Research output: Journal article publication › Journal article › Academic research › peer-review

1 Citation (Scopus)

Abstract

Android inter-app communication (IAC) allows apps to request functionalities from other apps, which has been extensively used to provide a better user experience. However, IAC has also become an enticing target for attackers to launch malicious activities. Dynamic class loading (DCL) and reflection are effective features to enhance the functionality of apps. In this paper, we expose a new attack that leverages these features in conjunction with inter-app communication to conceal malicious attacks with the ability to bypass existing security mechanisms. To counteract such attacks, we present DINA, a novel hybrid analysis approach for identifying malicious IAC behaviors concealed within dynamically loaded code through reflective/DCL calls. DINA appends reflection and DCL invocations to control-flow graphs and continuously performs incremental dynamic analysis to detect the misuse of reflection and DCL that obfuscates malicious Intent communications. DINA utilizes string analysis and inter-procedural analysis to resolve hidden IAC and achieves superior detection performance. Our extensive evaluation on 49,000 real-world apps corroborates the prevalent usage of reflection and DCL, and reveals previously unknown and potentially harmful, hidden IAC behaviors in real-world apps.

Original language: English
Article number: 9017933
Pages (from-to): 2782-2797
Number of pages: 16
Journal: IEEE Transactions on Information Forensics and Security
Volume: 15
Publication status: Published - Feb 2020

Keywords

  • dynamically loaded code
  • inter-app communication
  • Mobile security
  • reflection

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
