Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Mining method for built-in application vulnerability of Android system

A vulnerability mining and vulnerability technology, applied in the information field, can solve problems such as hindering the development of Android

Active Publication Date: 2017-05-10
BEIJING UNIV OF TECH
View PDF0 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Android is facing a serious problem in the process of skyrocketing - security, this problem may become the primary factor hindering the development of Android

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Mining method for built-in application vulnerability of Android system
  • Mining method for built-in application vulnerability of Android system
  • Mining method for built-in application vulnerability of Android system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] Vulnerability mining based on APK file decompilation

[0023] S1, build an Android vulnerability library; analyze the characteristics of each type of vulnerability, sort out the vulnerability rules for each type of vulnerability, and attach different weights according to the threat of each type of vulnerability;

[0024] S2: Decompile the target APK file to obtain files including Manifest files, resource files and code files; parse the decompiled Manifest files and resource files to obtain application permission applications, component declarations, and class function calls. ; Then disassemble the corresponding executable file, slice and assemble the disassembled code;

[0025] S3: The collected disassembled code is analyzed through grammatical lexical analysis, dangerous API analysis, control flow, and data flow analysis to obtain the behavior characteristics of the target APK file and generate characteristic data; perform lexical analysis and grammar analysis on the smali co...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the field of the information technology, and particularly relates to a mining method for the built-in application vulnerability of an Android system. The codes of each class of vulnerabilities are analyzed in detail, the class of vulnerability rule is sorted for each class of vulnerabilities, and different weights are attached according to the threat degree of each class of vulnerabilities; an APK (Android Package) file is decompiled, a corresponding executable file is disassembled, and a disassembling code is segmented; collected codes are generated into feature data, and an IDA (Interactive Disassembler) tool is imported to analyze a .so file; vulnerability matching is carried out; a .so file analysis result is combined to finally obtain a static weight report; before dynamic detection is started, an appointed APK file static report is obtained, the calling of an API (Application Program Interface) function is monitored; and through the integration of a Drozer dynamic analysis frame, various test commands are input in a command line, an attack surface is determined, and a test is carried out by aiming at an assaultable place. By use of the method, the safety of the developed APK can be quickly found, and the method has an important meaning for maintaining the stability and the business safety of the Android system.

Description

Technical field [0001] The invention belongs to the field of information technology, and specifically relates to a method for mining built-in application vulnerabilities in an Android system. Realizing the rapid discovery of the security of the developed APK is of great significance to maintaining the stability of the Android system and business security. Background technique [0002] Android currently has a dominant position in the mobile operating system market worldwide. The installation rate of Android on smartphones is about 87%, and it continues to grow. Android is facing a serious problem in the process of skyrocketing-security, this problem may become the primary factor hindering the development of Android. Many security organizations and individuals at home and abroad are engaged in vulnerability research. Two more authoritative vulnerability release agencies are CVE (Common Vulnerabilities and Exposures) and CERT (Computer Emergency Response Team). In addition, fore...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/563G06F21/566
Inventor 姜伟吴贤达庄俊玺王晓茜潘邵芹田原
Owner BEIJING UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com