Hacker can launch hijacking attacks in Android systems to steal personal information of the targeted user. He/She stealthily injects into the foreground a hijacking Activity indistinguishable from the user interface at the right timing. Hijacking attacks take advantage of the user trust that this interface is real. Therefore, the hacker has chance to acquire user private information. In this paper, we compare user interfaces similarity between victim and hacking activities. Our approach has been proved to be effective in detecting Activity hijacking attacks with reasonable performance overheads and number of false positives. In the worst case, our solution generates 4.2% of false positives and incurs only 0.39% performance overhead on a CPU-bound micro-benchmark.
展开▼