Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Android application-oriented intelligent fuzzy test method

A fuzzy testing and intelligent technology, applied in software testing/debugging, error detection/correction, instruments, etc., can solve problems such as difficult coverage rate determination, high false negative rate, randomness and simplicity, so as to increase the probability of vulnerability discovery, Improved detection efficiency and high analysis accuracy

Active Publication Date: 2018-07-10
NANJING UNIV OF SCI & TECH
View PDF4 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] Although the above-mentioned fuzz testing method has a relatively high detection rate for application vulnerabilities, it has obvious defects: the test data generation method is too random and simple, and the blindness of the test leads to low test efficiency, and it is difficult to determine the coverage rate, resulting in the failure of fuzz testing. The results are evaluated; sufficient code coverage cannot be guaranteed, resulting in a high false negative rate; test data is independent of each other, making it difficult to find complex vulnerabilities, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android application-oriented intelligent fuzzy test method
  • Android application-oriented intelligent fuzzy test method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] In order to perform more accurate vulnerability analysis on applications and make up for the blindness of traditional fuzzing techniques, the test method has gradually changed from a single fuzzing test method to an intelligent fuzzing test method, that is, symbolic execution technology analysis is introduced in the testing process Intrinsic knowledge of the target program to assist fuzzing.

[0034] Fuzz testing technology based on reverse symbolic execution mainly combines reverse symbolic execution and fuzzing. Firstly, find out the function entry point set, sensitive operation point, control flow information and function call information in Android application through static analysis. Use the currently obtained application information to perform reverse symbolic execution on the sensitive operation point to obtain the path constraints for executing the sensitive operation point. The obtained path constraints are obtained by constraint solving to obtain the path cor...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an Android application-oriented intelligent fuzzy test method. The method comprises application reverse symbol execution and Android application fuzzy testing. Android vulnerability characteristics are used for performing modeling analysis on an Android application to obtain an Android application entry function, a sensitive operation point, control flow and function call information; the reverse symbol execution is performed by taking the sensitive operation point as an entry to obtain path constraint information; the path constraint information is subjected to constraint solving to obtain a path test case triggering a vulnerability; the generated path test case is used for performing fuzzy testing on the Android application to monitor a program running state; andthe program running information is analyzed to generate a related vulnerability report. The test case triggering the vulnerability can be generated, so that the path explosion is avoided and the fuzzytesting under the guidance of the method is more targeted. Compared with a conventional fuzzy testing method, the method solves the problem of fuzzy testing blindness and improves the fuzzy testing efficiency.

Description

technical field [0001] The invention relates to a method for testing the security of Android application software, in particular to a method for guiding fuzz testing based on reverse symbol execution, which combines the advantages of reverse symbol execution and fuzz testing to analyze the security of software. Background technique [0002] With the widespread popularization of the mobile Internet and the widespread use of Android smartphones, the Android mobile application software industry has developed rapidly and has begun to affect all aspects of people's work and life, such as: mobile office software, mobile game software, mobile social software , mobile positioning software and mobile payment software, etc. A large number of Android applications are downloaded and installed on users' mobile phones through application stores or third-party markets. However, most of the applications come from third-party developers, and these applications can be put on the market witho...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F21/57
CPCG06F11/3684G06F11/3688G06F21/577G06F2221/033
Inventor 俞研邱煜吴家顺胡恒伟黄兴远孙贝
Owner NANJING UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com