Application Vulnerabilities Detection Technology Research Based On Android System

Since the beginning of the Android system release,the market is very fond of it,which is not unrelated to its open source features.With the Android-based mobile phone types and the number of explosive growth,the open source of the security issues have become more and more serious.Especially the user privacy data leakage vulnerability,but also because the reasons for the Android system itself and the development of third-party ubiquitous.In order to solve the above problems,we use the machine learning method based on probabilistic neural network to classify the API functions of Android system and improve the coverage of vulnerability detection by using the static detection model based on register-based static stain analysis.Mainly the following part of the study:(1)The security mechanism of Android system and the more mature vulnerability detection technology are studied in detail.This paper briefly introduces the Linux permission mechanism,"sandbox" mechanism,Android privilege mechanism and application signature mechanism in Android system.And introduces the commonly used vulnerability detection technology from the aspects of stain propagation analysis technology,reachable path analysis technology,symbol execution technology and fuzzy detection technology.(2)In this paper,we introduces the acquisition of the source function list and the list of the sink function based on the detection technology of the stain analysis,and points out the shortcomings.Proposed the use of machine learning methods on the Android system API function classification.And introduces the feature analysis and extraction method of API function in detail,and proposes a machine learning classification algorithm based on probabilistic neural network,and improves the classification effect by Bagging integration method.(3)On the basis of learning machine source list and sink sending function list,a data leak detection model based on static stain analysis is implemented.Detecting possible application data leaks through Android application preprocessing,control flow graph generation,reflection function processing,and static taint analysis based on on-demand alias analysis.Improve the detection coverage of the vulnerability on the basis of effective static analysis to avoid the high false positive rate of stain problem.In this paper,a machine learning method based on integrated probabilistic neural network and a vulnerability detection model based on static stain propagation analysis are used.Machine learning and detection model are implemented using Java language,Soot open source tool and matlab software.The accuracy and recall of the effect and the coverage of the vulnerability detection model.