Android binary file vulnerability detection method and system

A binary file and vulnerability detection technology, applied in the fields of instruments, digital data processing, platform integrity maintenance, etc., can solve the problems of not supporting SysVIPC function, meaningless execution and mutation, low code coverage, etc., to improve the initial Code coverage, perfect test results, high code coverage effect

Inactive Publication Date: 2018-08-17
XIDIAN UNIV
View PDF0 Cites 28 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

MFFA, released in 2015, is a tool for fuzzing testing of the libstagefright library in the Android system, but the framework only uses a simple random mutation strategy to generate test cases, generating a large number of wrongly formatted and invalid test cases, making the entire The fuzzing process spends a lot of time on meaningless execution and mutation
[0007] (1) The code coverage rate caused by the simple random mutation strategy in Fuzzing technology

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android binary file vulnerability detection method and system
  • Android binary file vulnerability detection method and system
  • Android binary file vulnerability detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0062] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0063] In the prior art, the code coverage rate caused by the simple random mutation strategy in Fuzzing technology is not high;

[0064] At present, most of the Fuzzing tools of the Android platform are aimed at the communication mechanism between the upper-level applications and components, and simply test the system calls, but lack the Fuzzing tools for the Android system framework and system library.

[0065] The core idea of ​​the vulnerability mining technology for Android binary files of the present invention is based on the Fuzzing vulnerability mining technology, and then combines machine learning, piling technolog...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention belongs to the technical field of Android binary file vulnerability excavation, and discloses an Android binary file vulnerability detection method and system. The method comprises the steps that the collection of code coverage rate information is achieved by using a pile pitching technology based on LLVM to be adopted as judging criteria of measuring the feed sufficiency in a genetic algorithm, and seeds are selected to perform random variation of the next generation; a testing case generation model is constructed by using an RNN network in machine learning, and testing cases obtained by training using a large number of files of a certain format are used for generating the model to automatically generate new testing cases. By means of the method, a Fuzzing test can be conducted on binary files such as Android system libraries and the like, the coverage rate of initial codes can be effectively improved by using a machine learning technology to perform training to obtain the testing case generation model to generate initial testing cases, the needed variation and execution time for searching for some routes is saved, and the efficiency of Fuzzing is improved.

Description

technical field [0001] The invention belongs to the technical field of exploiting vulnerabilities of Android binary files, and in particular relates to a method and system for detecting vulnerabilities of Android binary files. Background technique [0002] At present, the existing technologies commonly used in the industry are as follows: [0003] Fuzzing is a black-box testing technique that tests the robustness and security of programs by continuously generating a large amount of malformed test data. The core of this technology is test case generation technology, good test case generation technology can guarantee higher code coverage and test efficiency. The test case generation technology in Fuzzing can be divided into two types: generation type and variation type. The generation type is to directly generate test cases according to preset rules (such as the format of files and protocols), while the variation type is to generate test cases through the given The seed tes...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/57G06F21/56
CPCG06F21/577G06F21/566
Inventor 张德岳
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap