基于逆向工程的Android应用漏洞检测技术研究

Android application vulnerability detection technology based on reverse engineering

Android应用程序面临着各种各样的安全威胁,针对如何在黑客利用Android程序漏洞攻击前发现潜在漏洞的漏洞检测技术研究,提出了一种基于APK逆向分析的应用漏洞检测技术.在逆向反编译APK静态代码的基础上,运用特征提取算法将smali静态代码解析转换为函数调用图作为特征来源,建立原始特征集合提取模型,继而通过改进ReliefF特征选择算法对原始特征集合进行数据降维,提取APK包中的漏洞特征向量,依次构建漏洞的检测规则.再结合Android漏洞库收录的漏洞特征对特征向量进行正则匹配,以挖掘其中潜在的安全漏洞.基于该检测方法实现了系统模型并进行对比性实验,实验结果表明此检测方法的漏洞检出率达91%以上.因此,该漏洞检测技术能够有效挖掘Android应用中常见的安全漏洞.

Android applications are faced with a variety of security threats. Aiming at how to detect potential vulnerabilities before hackers exploit Android vulnerabilities,a vulnerability detection technique based on APK reverse analysis was proposed. On the basis of reverse decompiling APK static code,using feature extraction algorithm to transform smali static code parsing into function calling graph as feature source,the original feature set extraction model was established. Then the dimension of the original feature set was reduced by the improved ReliefF feature selection algorithm,and the vulnerability features in the APK packet were extracted. The quantity constructed the flaw detection rule in turn. In order to mine the potential security vulnerabilities,the feature vectors were regularly matched with the vulnerability features included in the Android vulnerability library.Based on this detection method,the system model was implemented and a comparative experiment is carried out. The experimental results showed that the detection rate of this method was over 91%. Therefore,the vulnerability detection technique can effectively mine common security vulnerabilities in Android applications.