Abstract
Many automated vulnerability detection methods already exist for Android applications. However, existing detection solutions still rely on prior knowledge and have high false positive rates. To address these problems, this paper studies a machine-learning-based method for analyzing component exposure vulnerabilities in Android applications. Based on a comprehensive analysis of Android application structure, combined with a component exposure vulnerability model, a machine learning system was established that performs extraction, data cleaning and vectorization of Android vulnerability features. With manual analysis and verification, a sample set of 1 000 Android APKs was established, and through training the system identifies component exposure vulnerabilities automatically, achieving an accuracy of more than 90%.
Authors
SHAO Shuai (邵帅)
WANG Mei-lin (王眉林)
CHEN Dong-qing (陈冬青)
WANG Ting (王婷)
JIANG Xin (姜鑫)
Affiliations: China Information Technology Security Evaluation Center, Beijing 100085, China; School of Computer, Beijing University of Posts and Telecommunications, Beijing 100876, China
Source
Transactions of Beijing Institute of Technology (《北京理工大学学报》)
EI
CAS
CSCD
Peking University Core Journals
2019, No. 9, pp. 974-977 (4 pages)
Funding
General Program of the National Natural Science Foundation of China (61672534)
Keywords
machine learning
component exposure vulnerability
Android application