RbacIP: A RBAC-Based Method for Intercepting and Processing Malicious Applications in Android Platform

  • Li Lin
  • Jian NiEmail author
  • Jian Hu
  • Jianbiao Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9565)


With the rapid development of Android-based smart phones and pads, android applications show explosive growth. Because third-party application market regulation is lax, many normal applications are embedded malicious code and then many security issues occur. The existing antivirus software cannot intercept malicious behaviors from those repackaged applications in many cases. To solve these problems, we propose a new method called RbacIP, which integrates RBAC into intercept and disposal process of malicious android applications. In RbacIP, the malicious behaviors of applications are monitored by inserting Linux kernel function call dynamically. Exploiting the Netlike technology, the information of malicious behaviors are feedback from the kernel layer to the user layer. On the user layer, depending on the roles assigned, android applications are authorized to the corresponding permissions. According to the characteristics of RBAC, it can achieve the minimum authorization for malicious applications. Meanwhile, to balance the user experience and his privacy protection needs, users are allowed to make fine-grained decision based on RBAC policy, rather than permit or prohibit. Finally, we implemented RbacIP in real android platform. Comprehensive experiments have been conducted, which demonstrate the effectiveness of the proposed method by the comparison with traditional HIPS systems at the malicious programs detection performance and resource consumption.


RBAC Hook Dynamic detection Android-ndk 



This work is supported by grants from the China National Science Foundation (Project No. 61502017), China 863 High-tech Programme (Project No. 2015AA016002). The authors would like to thank the anonymous reviewers for their constructive comments.


  1. 1.
    Alazab, M., Moonsamy, V., Batten, L., et al.: Analysis of malicious and benign android applications. In: 2012 32nd International Conference on Distributed Computing System Workshops, pp. 608–616 (2012)Google Scholar
  2. 2.
    Stephen, F., Dillon, S., Bing, W.: Manilyzer: automated android malware detection through manifest analysis. In: IEEE 11th International Conference on Mobile Ad Hoc and Sensor Systems, pp. 767–772 (2014)Google Scholar
  3. 3.
    Patrick, P., Wen-Kai, S.: Static detection of android malware by using permissions and API calls. In: International Conference on Machine Learning and Cybernetics, pp. 82–87 (2015)Google Scholar
  4. 4.
    Daiyong, Q., Lidong, Z., Fan, Y., et al.: Detection of android malicious apps based on the sensitive behaviors. In: IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom, pp. 877–883 (2014)Google Scholar
  5. 5.
    Mingshen, S., Min, Z., John, C., et al.: Design and implementation of an android host-based intrusion prevention system. In: Proceedings of the 30th Annual Computer Security Applications Conference (2014)Google Scholar
  6. 6.
    Wen-Chieh, W., Shih-Hao, H.: DroidDolphin: a dynamic android malware detection framework using big data and machine learning. In: Proceedings of the 2014 Conference on Research in Adaptive and Convergent Systems (2014)Google Scholar
  7. 7.
    Qiang, W., Jason, C., Konstantin, B., et al.: Authorization recycling in hierarchical RBAC systems. ACM Trans. Inf. Syst. Secur. 14, 3 (2011)Google Scholar
  8. 8.
    Reinhard, T., Julio, S., Wolfgang, S., et al.: Dead or alive: finding zombie features in the linux kernel. In: Proceedings of the First International Workshop on Feature-Oriented Software Development (2009)Google Scholar
  9. 9.
    Jemin, L., Hyungshin, K.: Framework for automated power estimation of android applications. In: Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services (2013)Google Scholar
  10. 10.
    Zheng, S., Shijia, P., Yu-Chi, S., et al.: Headio: zero-configured heading acquisition for indoor mobile devices through multimodal context sensing. In: Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing (2013)Google Scholar
  11. 11.
    Sebastian, F., Bert, A., Gerhard, T., et al.: CoenoFire: monitoring performance indicators of firefighters in real-world missions using smartphones. In: Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing (2013)Google Scholar
  12. 12.
    Chuangang, R., Kai, C., Peng, L.: Droidmarking: resilient software water-marking for impeding android application repackaging. In: Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering (2014)Google Scholar
  13. 13.
    Kun, Y., Jianwei, Z., Yongke, W.: IntentFuzzer: detecting capability leaks of android applications. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Li Lin
    • 1
    • 2
    • 3
  • Jian Ni
    • 1
    • 2
    Email author
  • Jian Hu
    • 1
    • 2
  • Jianbiao Zhang
    • 1
    • 2
    • 3
  1. 1.College of Computer ScienceBeijing University of TechnologyBeijingChina
  2. 2.Beijing Key Laboratory of Trusted ComputingBeijingChina
  3. 3.National Engineering Laboratory for Critical Technologies of Information Security Classified ProtectionBeijingChina

Personalised recommendations