An Android Application Vulnerability Mining Method Based On Static and Dynamic Analysis

被引：0

作者：

Wang Chao ^{[1
]}

Li Qun ^{[1
]}

Wang XiaoHu ^{[1
]}

Ren TianYu ^{[1
]}

Dong JiaHan ^{[1
]}

Guo GuangXin ^{[1
]}

Shi EnJie ^{[1
]}

机构：

[1] State Grid Beijing Elect Power Res Inst, Beijing, Peoples R China

来源：

PROCEEDINGS OF 2020 IEEE 5TH INFORMATION TECHNOLOGY AND MECHATRONICS ENGINEERING CONFERENCE (ITOEC 2020) | 2020年

关键词：

Android APP; Vulnerability mining; Static analysis; Dynamic analysis;

D O I：

暂无

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Due to the advantages and limitations of the two kinds of vulnerability mining methods of static and dynamic analysis of android applications, the paper proposes a method of Android application vulnerability mining based on dynamic and static combination. Firstly, the static analysis method is used to obtain the basic vulnerability analysis results of the application, and then the input test case of dynamic analysis is constructed on this basis. The fuzzy input test is carried out in the real machine environment, and the application security vulnerability is verified with the taint analysis technology, and finally the application vulnerability report is obtained. Experimental results show that compared with static analysis results, the method can significantly improve the accuracy of vulnerability mining.

引用

页码：599 / 603

页数：5

共 50 条

[1] Android software vulnerability mining framework based on dynamic taint analysis technology
Zhao Min
Yang Haimin
Chen Ping
Yang Zhengxing
[J]. PROCEEDINGS OF 2019 IEEE 3RD INFORMATION TECHNOLOGY, NETWORKING, ELECTRONIC AND AUTOMATION CONTROL CONFERENCE (ITNEC 2019), 2019, : 2112 - 2115
[2] Android application vulnerabilities static mining technology
Tang, Junwei
Liu, Jiazhen
Li, Ruixuan
Li, Weiming
[J]. Huazhong Keji Daxue Xuebao (Ziran Kexue Ban)/Journal of Huazhong University of Science and Technology (Natural Science Edition), 2016, 44 : 20 - 24
[3] Bintaint: A Static Taint Analysis Method for Binary Vulnerability Mining
Feng, Zenan
Wang, Zhenyu
Dong, Weiyu
Chang, Rui
[J]. 2018 INTERNATIONAL CONFERENCE ON CLOUD COMPUTING, BIG DATA AND BLOCKCHAIN (ICCBB 2018), 2018, : 1 - 8
[4] Research on Android Vulnerability Mining Technology Based on Control Flow Analysis
Yu Lu
Shen Yi
Pan Zulie
[J]. PROCEEDINGS OF 2016 SIXTH INTERNATIONAL CONFERENCE ON INSTRUMENTATION & MEASUREMENT, COMPUTER, COMMUNICATION AND CONTROL (IMCCC 2016), 2016, : 496 - 499
[5] Androshield: Automated android applications vulnerability detection, a hybrid static and dynamic analysis approach
Amin, Amr
Eldessouki, Amgad
Magdy, Menna Tullah
Abdeen, Nouran
Hindy, Hanan
Hegazy, Islam
[J]. Information (Switzerland), 2019, 10 (10):
[6] AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach
Amin, Amr
Eldessouki, Amgad
Magdy, Menna Tullah
Abdeen, Nouran
Hindy, Hanan
Hegazy, Islam
[J]. INFORMATION, 2019, 10 (10)
[7] DDefender: Android Application Threat Detection Using Static and Dynamic Analysis
Alshahrani, Hani
Mansour, Harrison
Thorn, Seaver
Alshehri, Ali
Alzahrani, Abdulrahman
Fu, Huirong
[J]. 2018 IEEE INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS (ICCE), 2018,
[8] Static and Dynamic Analysis of Android Malware
Kapratwar, Ankita
Di Troia, Fabio
Stamp, Mark
[J]. ICISSP: PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY, 2017, : 653 - 662
[9] REDDROID: Android Application Redundancy Customization Based on Static Analysis
Jiang, Yufei
Bao, Qinkun
Wang, Shuai
Liu, Xiao
Wu, Dinghao
[J]. 2018 29TH IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), 2018, : 189 - 199
[10] Detect Storage Vulnerability of User-Input Privacy in Android Applications with Static and Dynamic Analysis
Jiang, Li
Zhuang, Yi
[J]. CLOUD COMPUTING AND SECURITY, PT II, 2017, 10603 : 280 - 291

← 1 2 3 4 5 →