A method for Android system vulnerability detection based on vulnerability poc

A vulnerability detection, Android system technology, applied in computer security devices, instruments, computing, etc., can solve the problems of low detection efficiency, incomplete detection content, and poor user experience, so as to achieve comprehensive detection content and vulnerability maintenance workload. Less, improve the effect of user experience

Active Publication Date: 2020-12-11
广州安海信息安全技术有限公司
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to: provide a method for realizing Android system vulnerability detection based on the vulnerability poc, to solve the technical problems of low detection efficiency, incomplete detection content and poor user operation experience in the prior art, and make up for the shortcomings of the existing solutions insufficient

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method for Android system vulnerability detection based on vulnerability poc

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] All the features disclosed in this specification, except mutually exclusive features and / or steps, can be combined in any way.

[0037] Combine below figure 1 The present invention will be described in detail.

[0038] A method for realizing Android system vulnerability detection based on the vulnerability POC belongs to the category of active detection, and the executor of the detection is an APP program, including the following steps:

[0039] Step 1 (S1): crawl the required vulnerability information from CVE and other public vulnerability websites, and use YAML to create a vulnerability description file with specific information;

[0040] Step 2: Crawl the required poc file from the public vulnerability website, and convert it into c or java version of the poc code, and use YAML and poc code to build the vulnerability library used for detection;

[0041] Step 3: Develop an APP program for detection. The APP program has functions such as vulnerability library manage...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for realizing Android system vulnerability detection on the basis of a vulnerability poc (Proof of Concept). The method comprises the following steps that: establishing a vulnerability description file and a vulnerability library; developing an APP (Application) program; installing the APP program on a detected Android terminal; through an ADB (Android Debug Bridge), establishing a communication link with the APP program through a superior detection system; after the APP program receives a detection starting instruction, starting detection work; according to Android system information, loading a corresponding vulnerability detection unit list by the APP program; executing loaded vulnerability detection units one by one by a vulnerability detection engine, executing a detection task, and collecting a detection result; combining the detection result with the corresponding vulnerability description file by the vulnerability detection engine to generate a final detection report, and returning the final detection report to the superior detection system through the communication link; and deleting the APP program, carrying out disconnection, and finishing detection. By use of the method, the technical problems of low detection efficiency, incomplete detection contents and poor user operation experience in the prior art can be solved, and deficiencies in an existing scheme are made up.

Description

technical field [0001] The invention belongs to the technical field of Android system security protection, and in particular relates to a method for detecting Android system vulnerabilities. Background technique [0002] With the increasing popularity of the Internet and smart mobile terminals in people's lives, mobile security issues and hidden dangers are becoming more and more serious. At present, the incidents of implanting malicious codes on mobile terminals for cybercrime are on the rise, and users of mobile terminals are facing unprecedented security risks. Especially for smartphones with Android system, based on the open source of the source code, the security risks of various smart products developed by it have attracted people's attention. Vulnerabilities in the Android system may be exploited by various viruses and Trojan horses, resulting in many damages such as online banking theft, monitoring, unreasonable fee deductions, privacy leaks, and becoming a source o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/034
Inventor 甘刚
Owner 广州安海信息安全技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap