Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Vulnerability detection system and method of Android hybrid-application code injection

A hybrid application and vulnerability detection technology, applied in the fields of instrumentation, computing, electrical digital data processing, etc., can solve the problem of complex vulnerability detection methods, and achieve the effect of improving vulnerability detection efficiency, effectiveness, and accuracy.

Active Publication Date: 2018-10-12
HUAZHONG UNIV OF SCI & TECH
View PDF5 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of the above defects, the present invention provides a vulnerability detection system and method for Android mixed application code injection, aiming to solve the problem that the existing vulnerability detection system finds the vulnerability attack path by constructing a function call graph to realize the vulnerability detection, which leads to the existing vulnerability detection method complex technical issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection system and method of Android hybrid-application code injection
  • Vulnerability detection system and method of Android hybrid-application code injection
  • Vulnerability detection system and method of Android hybrid-application code injection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] In order to make the object, technical solution and improvement of the present invention clearer and easier to understand, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0039] Below at first explain and illustrate with regard to the technical terms of the present invention:

[0040] Android OS: a mobile operating system based on the Linux kernel developed by Google, which has a relatively high market share in the mobile operating system market due to its open features;

[0041] Android hybrid application: Android hybrid application mainly uses JS and Native to call each other. From the development level, it realizes the "one-time development, multiple operations" mechanism, which is really suitable for cross-platform development and has goo...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a vulnerability detection system and method of Android hybrid-application code injection. The system includes a permission feature extraction module, a data channel feature extraction module and a vulnerability detection module. The permission feature extraction module is used for extracting a sensitive permission application set of a to-be-detected hybrid application fromto-be-detected hybrid-application code. The data channel feature extraction module is used for extracting a source point set and a receiving point set of data channels from the to-be-detected hybrid-application code. A first input end of the vulnerability detection module is connected to the output end of the permission feature extraction module, and the second input end thereof is connected to the output end of the data channel feature extraction module. The vulnerability detection module is used for according to sensitive permissions and the source point set and the receiving point set of the data channels, using a vulnerability detection model to determine whether vulnerability code injection of the to-be-detected hybrid application exists. Compared with traditional detection methods based on control flow and program call graphs, the method of the invention has higher efficiency, is very high in classification accuracy, and has very good usability.

Description

technical field [0001] The invention belongs to the field of mobile security and loophole detection, and more specifically relates to a loophole detection system and method for Android hybrid application code injection. Background technique [0002] With the development of Internet technology and the portability of mobile terminals, smart phones are becoming more and more popular. At the same time, in order to meet the needs of users' daily life and entertainment, developers are also developing more and more applications. The application market led by Google Play provides people with various applications, such as social networking, shopping, games, and photography. and news. However, the security problems brought about by smart phones are becoming more and more serious, and the user's private data (geographic location, address book, account password) will also be exposed in the mobile phone and become the target of malicious users. According to market research results, as ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/55G06F21/56G06F21/57
CPCG06F21/55G06F21/563G06F21/577
Inventor 李瑞轩涂建伟汤俊伟韩洪木辜希武张婧代德顺
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com