Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Android binary file vulnerability detection method and system

A binary file and vulnerability detection technology, applied in the fields of instruments, digital data processing, platform integrity maintenance, etc., can solve the problems of not supporting SysVIPC function, meaningless execution and mutation, low code coverage, etc., to improve the initial Code coverage, perfect test results, high code coverage effect

Inactive Publication Date: 2018-08-17
XIDIAN UNIV
View PDF0 Cites 28 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

MFFA, released in 2015, is a tool for fuzzing testing of the libstagefright library in the Android system, but the framework only uses a simple random mutation strategy to generate test cases, generating a large number of wrongly formatted and invalid test cases, making the entire The fuzzing process spends a lot of time on meaningless execution and mutation
[0007] (1) The code coverage rate caused by the simple random mutation strategy in Fuzzing technology is not high;
[0008] (2) At present, most of the Fuzzing tools on the Android platform are aimed at the communication mechanism between upper-layer applications and components, and simply test the system calls, but lack the Fuzzing tools for the Android system framework and system class library
Android does not support the SysV IPC function due to customization reasons, and cannot directly use shared memory directly like using functions such as shmget on linux

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android binary file vulnerability detection method and system
  • Android binary file vulnerability detection method and system
  • Android binary file vulnerability detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0062] In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the examples. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0063] In the existing technology, the code coverage rate caused by the simple random mutation strategy in Fuzzing technology is not high;

[0064] At present, most of the Fuzzing tools on the Android platform are aimed at the communication mechanism between upper-layer applications and components, and simply test the system calls, but lack the Fuzzing tools for the Android system framework and system class library.

[0065] The core idea of ​​the present invention's vulnerability mining technology for Android binary files is based on Fuzzing vulnerability mining technology, and then combines machine learning, instrumentati...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of Android binary file vulnerability excavation, and discloses an Android binary file vulnerability detection method and system. The method comprises the steps that the collection of code coverage rate information is achieved by using a pile pitching technology based on LLVM to be adopted as judging criteria of measuring the feed sufficiency in a genetic algorithm, and seeds are selected to perform random variation of the next generation; a testing case generation model is constructed by using an RNN network in machine learning, and testing cases obtained by training using a large number of files of a certain format are used for generating the model to automatically generate new testing cases. By means of the method, a Fuzzing test can be conducted on binary files such as Android system libraries and the like, the coverage rate of initial codes can be effectively improved by using a machine learning technology to perform training to obtain the testing case generation model to generate initial testing cases, the needed variation and execution time for searching for some routes is saved, and the efficiency of Fuzzing is improved.

Description

technical field [0001] The invention belongs to the technical field of exploiting vulnerabilities of Android binary files, and in particular relates to a method and system for detecting vulnerabilities of Android binary files. Background technique [0002] At present, the existing technologies commonly used in the industry are as follows: [0003] Fuzzing is a black-box testing technique that tests the robustness and security of programs by continuously generating a large amount of malformed test data. The core of this technology is test case generation technology, good test case generation technology can guarantee higher code coverage and test efficiency. The test case generation technology in Fuzzing can be divided into two types: generation type and variation type. The generation type is to directly generate test cases according to preset rules (such as the format of files and protocols), while the variation type is to generate test cases through the given The seed tes...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57G06F21/56
CPCG06F21/577G06F21/566
Inventor 张德岳
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com