Analysis and Detection of Android App Privilege Escalation Vulnerability Based on Machine Learning

  • Jiang XinEmail author
  • Zhang Wen
  • Niu Shaozhang
  • Xue Yiming
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 109)


Android is currently playing an important role in smartphone operating systems. However, there are potential risks hidden in Android applications. One of them is application vulnerability, which can put users’ information in danger. In this paper, we investigate the machine learning techniques in identify one of the most common application vulnerabilities—privilege escalation vulnerability (referred as PE vulnerability). We propose a machine learning system for detecting PE vulnerability. Our method is component-based detection, which means a more granular method. In this way, we can not only identify App with problems, but also locate component with loopholes. We first analyze the principle of PE vulnerability’s formation process, and then propose an EMPC model according to key elements in the process. The model is used to select features in the following steps. Second, we apply machine learning techniques to build a classification model to classify samples. Seven classification algorithms are applied. The experiment results show that our method is feasible in detecting PE vulnerability in component-degree.


Android app vulnerability Vulnerability model Machine learning 



This work was supported by National Natural Science Foundation of China (No. U1536121, 61370195).


  1. 1.
    FreeBuf Report. Accessed June 2017
  2. 2.
    Maiorca, D., Mercaldo, F., Giacinto, G., et al.: R-packdroid: API package-based characterization and detection of mobile ransomware. In: Symposium on Applied Computing, pp. 1718–1723. ACM (2017)Google Scholar
  3. 3.
    Chen, S., Xue, M., Tang, Z., et al.: Stormdroid: a streaminglized machine learning-based system for detecting android malware, pp. 377–388 (2016)Google Scholar
  4. 4.
    Dimjašević, M., Atzeni, S., Ugrina, I., et al.: Evaluation of android malware detection based on system calls, pp. 1–8 (2016)Google Scholar
  5. 5.
    Chen, X., Peng, X., Li, J.-B., Peng, Y.: Overview of deep kernel learning based techniques and applications. J. Netw. Intell. 1(3), 83–98 (2016)Google Scholar
  6. 6.
    Grieco, G., Grinblat, G.L., Uzal, L., et al.: Toward large-scale vulnerability discovery using machine learning, pp. 85–96 (2016)Google Scholar
  7. 7.
    Younis, A., Malaiya, Y.K., Anderson, C., et al.: To fear or not to fear that is the question: code characteristics of a vulnerable function with an existing exploit. In: Conference on Data & Applications Security & Privacy, pp. 97–104. ACM (2016)Google Scholar
  8. 8.
    Gruver, B.: Smali: An assembler/disassembler for Android’s dex, July 2015.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Jiang Xin
    • 1
    Email author
  • Zhang Wen
    • 1
  • Niu Shaozhang
    • 1
  • Xue Yiming
    • 2
  1. 1.Beijing Key Lab of Intelligent Telecommunication Software and MultimediaBeijing University of Posts and TelecommunicationsBeijingChina
  2. 2.College of Information and Electrical EngineeringChina Agricultural UniversityBeijingChina

Personalised recommendations