Zero false alarm detection method for Android App vulnerabilities

Abstract

The invention discloses a zero false alarm detection method for Android App vulnerabilities, which comprises the following steps of: 1) analyzing experience knowledge (such as vulnerability attack paths, CVE reports and the like) of the Android App vulnerabilities, and summarizing, detecting and triggering comprehensive description of the vulnerabilities; 2) App feature extraction: statically searching vulnerability attributes and constructing field values required by a test case and a trigger; 3) performing exploration path constraints by using symbols, and filtering invalid field values in the step 2); 4) dynamically generating a test case and a trigger, and triggering the target App; 5) performing dynamic binary instrumentation on the entry function and the target function of the targetApp; 6), if the behavior of the target function is matched with the vulnerability behavior, judging that the vulnerability exists. According to the zero false alarm detection method, the informationfor detecting and triggering the vulnerability is summarized by analyzing the experience knowledge of the vulnerability; meanwhile, static analysis, symbolic execution and the dynamic binary instrumentation technology are combined for detecting and verifying the vulnerability, and the zero-false-alarm detection effect is achieved.

Description

technical field [0001] The invention relates to a zero-false-positive detection method for Android App vulnerabilities, which is mainly used in the development of Android App vulnerability detection systems. Background technique [0002] Static analysis technology: referred to as static analysis or static detection, is a white box testing technology. This detection technology does not need to be performed when the system is running, but only through lexical analysis, syntax analysis, data flow analysis and other operations on the source code of the application, and according to various analysis results to detect whether the source code of the target application is standardized, Whether there are security threats to the application, whether the reliability and maintainability of the application meet certain standards, and so on. The more commonly used static code analysis techniques include: lexical analysis and syntax analysis, control flow analysis and data flow analysis, ...

AI Technical Summary

Problems solved by technology

The disadvantage of dynamic instrumentation is: the overhead of instrumentation occurs when the program is running, which makes the execution of the program very slow; and dynamic instrumentation is more difficult to achieve - it is not easy to rewrite the executable code at runtime. instructions while avoiding interference with the execution of the program itself

[0006] Most of the existing Android App vulnerability detection tools use static analysis and dynamic analysis techniques. Static analysis tools cannot verify vulnerabilities in the running state, and there is a high false positive rate; dynamic analysis tools can verify vulnerabilities, but the generated test cases are blind. high performance, low operating efficiency

Images