Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Vulnerability detection system and method for android hybrid application code injection

A hybrid application and vulnerability detection technology, applied in the fields of instrumentation, computing, electrical digital data processing, etc., can solve the problem of complex vulnerability detection methods, and achieve the effect of improving vulnerability detection efficiency, effectiveness, and accuracy.

Active Publication Date: 2021-02-09
HUAZHONG UNIV OF SCI & TECH
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of the above defects, the present invention provides a vulnerability detection system and method for Android mixed application code injection, aiming to solve the problem that the existing vulnerability detection system finds the vulnerability attack path by constructing a function call graph to realize the vulnerability detection, which leads to the existing vulnerability detection method complex technical issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection system and method for android hybrid application code injection
  • Vulnerability detection system and method for android hybrid application code injection
  • Vulnerability detection system and method for android hybrid application code injection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038]In order to make the objectives, technical solutions and improvements of the present invention clearer and easier to understand, the following further describes the present invention in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, but not to limit the present invention.

[0039]The following first explains and describes the technical terms of the present invention:

[0040]Android OS: A mobile operating system based on the Linux kernel, led by Google, has a high share of the mobile operating system market with its open features;

[0041]Android hybrid applications: Android hybrid applications are mainly based on mutual calls between JS and Native. From the development level, the mechanism of "development once, running more" has been realized, and it has become truly suitable for cross-platform development and has good native applications. The user ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a loophole detection system and method for Android mixed application code injection. The system includes an authority feature extraction module, a data channel feature extraction module and a vulnerability detection module. The authority feature extraction module is used to extract the mixed application code to be detected The sensitive permission application set of the hybrid application; the data channel feature extraction module is used to extract the source point set and the receiving point set of the data channel from the mixed application code to be detected; the first input terminal of the vulnerability detection module is the same as the output of the permission feature extraction module The second input terminal is connected to the output terminal of the data channel feature extraction module, which is used to determine whether there is vulnerability code injection in the mixed application to be detected by using the vulnerability detection model according to the sensitive authority and the source point set and the receiving point set of the data channel . Compared with the traditional detection method based on control flow and program call graph, it has higher efficiency, high classification accuracy and good usability.

Description

Technical field[0001]The invention belongs to the field of mobile security and vulnerability detection, and more specifically relates to a vulnerability detection system and method for Android mixed application code injection.Background technique[0002]With the development of Internet technology and the portability of mobile terminals, smart phones are becoming more and more popular. At the same time, in order to ensure the daily life and entertainment needs of users, developers are also developing more and more applications. The application market led by GooglePlay provides people with various applications, such as social networking, shopping, games, and photography. And news. However, the security problems brought by smart phones have become more and more serious, and the user's private data (geographical location, address book, account password) will also be exposed in the phone and become the target of malicious users. Market research results show that as of the fourth quarter of...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/55G06F21/56G06F21/57
CPCG06F21/55G06F21/563G06F21/577
Inventor 李瑞轩涂建伟汤俊伟韩洪木辜希武张婧代德顺
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products