Vulnerability detection system and method of Android hybrid-application code injection

A hybrid application and vulnerability detection technology, applied in the fields of instrumentation, computing, electrical digital data processing, etc., can solve the problem of complex vulnerability detection methods, and achieve the effect of improving vulnerability detection efficiency, effectiveness, and accuracy.

Active Publication Date: 2018-10-12
HUAZHONG UNIV OF SCI & TECH
View PDF5 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of the above defects, the present invention provides a vulnerability detection system and method for Android mixed application code injection, aiming to solve the problem that the existing vulnerabilit

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection system and method of Android hybrid-application code injection
  • Vulnerability detection system and method of Android hybrid-application code injection
  • Vulnerability detection system and method of Android hybrid-application code injection

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0038] In order to make the objectives, technical solutions and improvements of the present invention clearer and easier to understand, the following further describes the present invention in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0039] The following first explains and describes the technical terms of the present invention:

[0040] Android OS: A mobile operating system based on the Linux kernel, led by Google, has a high share of the mobile operating system market with its open features;

[0041] Android hybrid applications: Android hybrid applications are mainly based on mutual calls between JS and Native. From the development level, the mechanism of "development once, running more" has been realized, and it has become truly suitable for cross-platform development and has good native applicati...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a vulnerability detection system and method of Android hybrid-application code injection. The system includes a permission feature extraction module, a data channel feature extraction module and a vulnerability detection module. The permission feature extraction module is used for extracting a sensitive permission application set of a to-be-detected hybrid application fromto-be-detected hybrid-application code. The data channel feature extraction module is used for extracting a source point set and a receiving point set of data channels from the to-be-detected hybrid-application code. A first input end of the vulnerability detection module is connected to the output end of the permission feature extraction module, and the second input end thereof is connected to the output end of the data channel feature extraction module. The vulnerability detection module is used for according to sensitive permissions and the source point set and the receiving point set of the data channels, using a vulnerability detection model to determine whether vulnerability code injection of the to-be-detected hybrid application exists. Compared with traditional detection methods based on control flow and program call graphs, the method of the invention has higher efficiency, is very high in classification accuracy, and has very good usability.

Description

technical field [0001] The invention belongs to the field of mobile security and loophole detection, and more specifically relates to a loophole detection system and method for Android hybrid application code injection. Background technique [0002] With the development of Internet technology and the portability of mobile terminals, smart phones are becoming more and more popular. At the same time, in order to meet the needs of users' daily life and entertainment, developers are also developing more and more applications. The application market led by Google Play provides people with various applications, such as social networking, shopping, games, and photography. and news. However, the security problems brought about by smart phones are becoming more and more serious, and the user's private data (geographic location, address book, account password) will also be exposed in the mobile phone and become the target of malicious users. According to market research results, as ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/55G06F21/56G06F21/57
CPCG06F21/55G06F21/563G06F21/577
Inventor 李瑞轩涂建伟汤俊伟韩洪木辜希武张婧代德顺
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap