Design And Implementation Of Mobile APP Network Protocol Defect Detection Technology

With the rapid development of mobile Internet technology and the popularity of mobile intelligent terminals,mobile APP is playing an increasingly important role in people's daily life.However,limited by the CPU computing power of mobile intelligent terminals,massive data need to be transmitted to remote server interaction processing through network protocol.At this time,mobile APP using traditional network protocol will face more security threats.Faced with more and more serious security threats,how to detect defects in mobile APP network quickly,efficiently and accurately has become an urgent problem in the development of mobile Internet.At present,the analysis of network protocols mainly focuses on the functionality of the protocol.The purpose is to verify whether the design functions of the protocol are implemented,while little attention is paid to the security of the protocol.There are various problems for network protocol defect detection technology.Manual testing relies on the experience of testers and the efficiency of testing is low;The traditional fuzzy testing technology because of its blind or semi-blind variation of the characteristics of the field,directly applied to the mobile APP network protocol defect detection test cases there will be a low hit rate.Based on the analysis of network protocols,this paper focuses on the research of protocol security detection technology.Combining network protocol analysis with defect detection,a new mobile APP network protocol defect detection system is designed and implemented.The system mainly includes network traffic capture module,protocol analysis module,dynamic stain analysis module and defect detection module.The research results of this paper mainly include the following three aspects:1)In order to solve the problems of mobile APP network protocol defect detection,such as low hit rate and multi-dimensional mutation,a fuzzy test technology based on message format is proposed,and its test case generation strategy is optimized.2)In order to track and restore the generation process of some fields in the protocol,this paper introduces a dynamic taint analysis technology,which adds a tainted mark to the parameters of the system's key APIs and tracks the process of the mobile APP's processing parameters through the tainted spreading rules.At the networked API check for blemishes and restore the process.3)Fuzzy test using SPIKE framework for random variation for none key fields in the protocol of the key field in accordance with the strict dynamic taint analysis process was generated,and realize multidimensional variation that test cases can be generated by the server check,improve the hit rate of the test case.Finally,we use the system to detect defects in the specific mobile APP and find the existing security flaws,verify the feasibility of the system,and compare it with the single SPIKE framework,and verify that the system has higher detection efficiency and accuracy.In addition,three kinds of protocols used in mobile APP are detected,and their defects are analyzed and summarized,which can provide guidance for the development of similar APP.