摘要
随着智能手机的普及,手机应用市场的发展也变得如火如荼。开发人员在新应用的开发中,会用到一些第三方提供的SDK,但是其经常存在安全漏洞,对用户的隐私造成威胁。本文基于机器学习的方法设计了针对Android第三方SDK的漏洞检测系统,同时利用设计出的检测系统对常见的50款第三方SDK进行了漏洞测试,发现50个样本中有31个存在漏洞,漏洞类型主要包括恶意索取敏感权限、滥用HTTP协议、API误用以及本地服务器漏洞。
With the popularity of smart phones,the development of the mobile phone application market has also become in full swing.Developers often use SDKs provided by some third-party in the development of new applications,but they often have security vulnerabilities that pose a threat to users'privacy.Based on the method of machine learning,a vulnerability detection system for Android third-party SDK is designed,and at the same time conducted a vulnerability test using the 50 third-party SDKs common in the designed detection system.It is found that 31 of the 50 samples have vulnerabilities and vulnerabilities.The types mainly include malicious request for sensitive permissions,abuse of HTTP protocol,API misuse and local server vulnerabilities.
作者
索蓓蓓
Suo Beibei(Shaanxi Xueqian Normal University,Xi'an 710061,China)
出处
《单片机与嵌入式系统应用》
2021年第1期19-22,共4页
Microcontrollers & Embedded Systems
基金
2019年陕西省教育厅专项科学研究计划项目—基于大数据分析的Android系统SDK传输数据安全性研究(19JK0212)阶段性成果之一。
