Research On Dynamic Features Analysis Method In Android Privacy Information Leak Detection

The Android device has a large amount of important privacy information of the user.Therefore,it has become the target of many malicious Android application attacks.These applications frequently leak private information without the user's awareness and pose a great threat to the security of the mobile phone.In the detection of private information leakage,the taint analysis is usually based on the data flow.However,the dynamic features in the code pose great challenges because the dynamic features form breakpoints in the data flow and hinder the taint propagation analysis.In order to make up for data flow breakpoints,breakpoint information is usually acquired by dynamic tests to make up for dynamic breakpoints in dataflow analysis.However,currently most of the research methods adopt dynamic random test,and there is no in-depth analysis of the trigger factors of dynamic features.The coverage is incomplete,which leads to the omission of dynamic characteristic information and makes the analysis of private information leakage incomplete.Therefore,in this thesis,we studied the dynamic features analysis method in the privacy information leakage detection.Dynamic testing is guided by static analysis.We mined dynamic feature information,ensured path sensitivity and context sensitivity,and improved the coverage and accuracy of private information leakage analysis.The research work of this thesis is as follows:(1)We analyzed and summarized the analysis methods for dynamic features in private information leakage detection.Random test is difficult to trigger the call of dynamic features,the trigger of dynamic features depends on the specific call path and parameter constraints,different paths and different parameter input can trigger different dynamic features.Therefore,the key point of dynamic features analysis is to accurately distinguish different paths and perform parameter analysis on each path.(2)We proposed a scheme for acquiring dynamic features information in Android privacy information leakage detection.Firstly,we analyzed the characteristics of dynamic features used in the code,used program call graphs to extract the call subgraphs related to dynamic features in reverse,reduced unnecessary code analysis,and limit the analysis to a smaller program code.Secondly,according to the different definition-use relationship of the target parameters,we divided the call sub-graphs into dynamic feature call paths,analyzed the slices of each call path,and extracted the parameter constraints of the call path.Finally,we used the dynamic feature call path and the extracted parameter constraints to generate test cases,input the test cases into the system to guide the dynamic test to obtain the dynamic feature information.(3)According to the proposed scheme,we implemented a prototype system DFanalysis of privacy information leakage detection.We tested and analyzed the triggering rate of dynamic features,dynamic feature triggering efficiency,privacy leak detection capability,and program applicability through experiments,and verified the effectiveness of the solution.