Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Vulnerability detection method and terminal, storage medium

A vulnerability detection and detector technology, which is applied in the direction of instruments, electronic digital data processing, platform integrity maintenance, etc., can solve problems such as complex analysis structure, unsuitable for practical application, and low detection efficiency

Pending Publication Date: 2018-12-28
ZTE CORP +1
View PDF4 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The analysis method based on data flow is the method with the highest detection accuracy in the static analysis of Android applications. However, among the current common methods for static analysis of Android applications, the flowdroid tool is used to perform static analysis on applications, although the theoretical detection accuracy is relatively high. High, but the static analysis structure of the flowdroid tool is relatively complex, so when performing vulnerability detection on applications, the requirements for detection configuration are high and the detection efficiency is low, which is not suitable for practical applications
It can be seen that the existing vulnerability detection methods for static analysis of Android applications cannot effectively detect vulnerabilities based on data streams, resulting in the defect that the detection efficiency is relatively low during vulnerability detection.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection method and terminal, storage medium
  • Vulnerability detection method and terminal, storage medium
  • Vulnerability detection method and terminal, storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0099] figure 1 A schematic diagram of an implementation process of a vulnerability detection method proposed by an embodiment of the present invention Figure 1 ,like figure 1 As shown, in the embodiment of the present invention, the method for performing vulnerability detection by a terminal may include the following steps:

[0100] Step 101: Obtain a function call graph corresponding to the application installation package file, and determine the calling method and target data corresponding to the calling method according to the pre-stored source method and the function call graph.

[0101] In the embodiment of the present invention, the terminal can first obtain the function call graph corresponding to the application installation package file, and then can determine the calling method and the target data corresponding to the calling method according to the pre-stored source method and the function call graph. It should be noted that, in the embodiment of the present inv...

Embodiment 2

[0112] figure 2 A schematic diagram of an implementation process of a vulnerability detection method proposed by an embodiment of the present invention Figure II ,like figure 2 As shown, based on the first embodiment, in the embodiment of the present invention, further, the method for the terminal to perform data flow analysis and detection on the target data according to the pre-stored vulnerability detection principle and the preset detection strategy may include the following steps:

[0113] Step 102a: Determine a detection script corresponding to the pre-stored vulnerability detection principle according to the preset configuration file.

[0114] In the embodiment of the present invention, before performing data flow analysis and detection on the above target data, the terminal may first determine a detection script corresponding to the above pre-stored vulnerability detection principle according to a preset configuration file, and then may perform the above detection ...

Embodiment 3

[0121] image 3 A schematic diagram of an implementation process of a vulnerability detection method proposed by an embodiment of the present invention Figure 3 ,like image 3 As shown, based on Embodiment 1 and Embodiment 2, in this embodiment of the present invention, the method for the terminal to perform data flow forward analysis and detection on target data according to a detection script may include the following steps:

[0122] Step 201: Perform in-method forward analysis and detection on the target data according to the detection script.

[0123] In the embodiment of the present invention, when it is determined that the data flow analysis method corresponding to the above-mentioned pre-stored vulnerability detection principle is a data flow forward analysis method, the terminal can perform in-method forward analysis and detection on the target data by executing the above detection script.

[0124] Further, in the embodiment of the present invention, when the termin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a vulnerability detection method and a terminal, and a storage medium. The method comprises the following steps: obtaining a function call diagram corresponding to an application installation package file; and according to the pre-stored source method and the function call diagram, determining the calling method and the target data corresponding to the calling method; obtaining a function call diagram corresponding to the application installation package file. According to the pre-stored vulnerability detection principle and the preset detection strategy, the target data is analyzed and detected by data stream, and the corresponding vulnerability detection results are obtained. Among them, the pre-stored vulnerability detection principle is used todetermine the data stream analysis method of the target data; Data stream analysis methods include data stream forward analysis and data stream backward analysis.

Description

technical field [0001] The present invention relates to terminal technology, in particular to a vulnerability detection method, terminal and storage medium. Background technique [0002] With the rapid development of terminal technology, the Android operating system has become the terminal operating system with the highest market share, and the number of applications developed based on the Android operating system is also increasing. When using a vulnerable application installed on an Android terminal, there is a risk that personal information such as photos, contacts, bank card account numbers, etc. stored on the terminal will be stolen, resulting in leakage of user privacy and property loss. Therefore, developers should perform vulnerability detection and analysis on Android applications before releasing them, and fix the vulnerabilities according to the detection results. At present, the methods of Android application analysis are mainly divided into static analysis and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 靖二霞应凌云苏璞睿王静田甜王继刚
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com