
Research On The Key Technologies Of Vulnerability Detection In Mobile Platform

Posted on: 2018-10-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T C Yang
Full Text: PDF
GTID: 1318330518995997
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of the mobile internet and the growing computing power of mobile devices, more and more data are stored and processed on smart mobile terminals, and the mobile platform has gradually become a focus for attackers. The amount of mobile malware is growing explosively, and security vulnerabilities keep emerging. However, several limitations make vulnerability detection on mobile platforms challenging, including the existing technology, the unique characteristics of the system architecture and software structure, and the limited computing power of the mobile platform. How to effectively protect users' data, reduce the harm caused by cryptographic misuse, prevent the component hijacking and denial-of-service attacks caused by defects in component communication, and detect the variety of security vulnerabilities caused by dynamic loading has become an important research direction for vulnerability detection on mobile platforms. To deal effectively with these security threats, this dissertation systematically analyzes present vulnerability detection technologies and proposes detection methods based on static taint tracking, hybrid detection, instrumentation and machine learning, aiming to improve the efficiency and accuracy of mobile platform vulnerability detection. The main innovations and contributions are as follows:

1. Information leakage detection method based on fine-grained taint tracking strategies. Taint tracking technology faces two major problems: the first is the validation of the taint propagation rules, and the second is the comprehensiveness of the transmission paths. A detection method is proposed to address both. Fine-grained taint tracking rules are constructed from the syntax and semantics of the code, the internal call graph of the application, the life cycle model of the application and the communication mechanism of the system. Taint analysis is performed on applications according to the different leak manners and propagation strategies, and information leakage vulnerabilities are determined from the taint analysis result. Experiments show that the scheme effectively detects a variety of ways in which sensitive data leak, improving detection accuracy and flexibility and reducing both the incompleteness of information-flow paths and the false positive rate during detection.

2. Cryptographic misuse vulnerability detection method based on code instrumentation technology. To address the residual error rate and efficiency problems of existing detection methods, a three-stage detection method based on vulnerability model analysis is proposed. The first stage is static analysis, in which the branch paths of the encryption API are traversed. The second stage is dynamic analysis, in which the runtime log of the encryption API is obtained and recorded by means of code instrumentation. The third stage is feature matching, which determines whether a cryptographic misuse vulnerability exists by matching the log features against the established model library of cryptographic misuse. Various types of applications were tested and analyzed with the detection tool implemented in this dissertation: 9 cryptographic misuse vulnerabilities were detected in 4 mobile banking clients, and 11 cryptographic misuse vulnerabilities were detected in 5 financial payment applications.

3. Component communication vulnerability detection based on hybrid detection. Because static detection methods cannot effectively detect the component hijacking, data and privilege leakage, and denial-of-service vulnerabilities that exist in the component communication process, a comprehensive method based on hybrid detection is proposed. In the static analysis phase, internal and external components are checked first, then the risk of each component being hijacked is determined, and finally data or access leakage in component requests that carry data is determined by taint tracking analysis. In the dynamic testing phase, test data for fuzzing are first constructed according to the form of the transmitted data found in the static analysis phase; test instructions are then sent to the application installed on the test platform and the execution logs are collected; finally, it is determined whether there is a risk of denial of service. Experimental results show that the detection method reduces the analysis time and improves the efficiency and accuracy of detection. A variety of mainstream applications were examined and found to have component communication security problems.

4. Dynamic loading vulnerability detection method based on a cost-sensitive multi-label ensemble learning algorithm. Because dynamic loading vulnerabilities are diverse, multi-label ensemble learning is applied to their detection. Based on an improved feature selection algorithm and the constructed classification algorithm, a two-phase dynamic loading vulnerability detection method is proposed. The static analysis phase first determines the location of each loading point and then runs the feature extraction algorithm to extract a feature vector for each loading procedure. The classification phase classifies the extracted feature vectors with the constructed multi-label ensemble learning classification algorithm and ultimately confirms the presence of malicious behavior. A dynamic loading flaw detection system was implemented based on the proposed method, and 4464 applications downloaded from Android markets were tested with the tool. Experimental results show that the method detects security defects of dynamic loading effectively and is more comprehensive than other methods.

To sum up, for the vulnerability detection problem on mobile platforms, represented by Android, which holds the largest mobile market share, a series of vulnerability detection methods is proposed from four aspects: fine-grained taint tracking, hybrid detection, code instrumentation and multi-label vulnerability marking. Finally, to verify the actual detection effect of the proposed methods, a detection system for the Android platform was built, and the proposed detection methods were implemented on this platform. Compared with existing detection methods, the accuracy and efficiency of the test results are improved.
Keywords/Search Tags: taint tracking, fuzzing, cryptographic misuse, hybrid detection, machine learning