This study proposed an application behavior-detection method based on multifeature and process algebra for detecting privilege escalation attacks in Android applications. The five features of application that constituted the attack were determined through an analysis of the privilege escalation attack model. On the basis of the extraction of multiple features, process algebra was used to build the application-behavior model and the attack model. Strong equivalence relation was used to verify the application behavior. Finally, dataflow path detection is conducted among the applications that can constitute privilege escalation attacks to determine those apps constituted a privilege escalation attack. The accuracy and effectiveness of the proposed method were verified using the DroidBench benchmark test and the test set that includes 55 APKs of 22 types.

中文翻译：

---

基于多功能的Android应用程序特权提升攻击检测方法

该研究提出了一种基于功能和进程代数的应用程序行为检测方法，用于检测Android应用程序中的权限提升攻击。通过分析特权提升攻击模型，确定了构成攻击的应用程序的五个功能。在提取多个特征的基础上，使用进程代数建立了应用程序行为模型和攻击模型。使用强等价关系来验证应用程序行为。最后，在可以构成特权提升攻击的应用程序之间进行数据流路径检测，以确定那些构成特权提升攻击的应用程序。