Research On Third Party Class Library Vulnerability Mining Based On Android

With the rapid development of the mobile Internet and the continuous updating of the Android operating system,applications running on the Android system are becoming more and more complex,which makes it necessary for developers to use Android-based third-party libraries to quickly build applications.At the same time,the rapid growth of third-party libraries and their extensive use by developers to build applications resulted in a variety of security vulnerabilities,posing a serious security risk to our application.Based on the study of the security mechanism of Android system,the security issues of third-party libraries,and the multiple vulnerability mining technologies,this paper proposes a special vulnerability mining method for Android third-party libraries.The main work of this paper is as follows:(1)Analyze the security architecture of Android system at different levels,and analyze the security issues and research status of each layer.Then,the third party library of Android and its security issues are thoroughly studied and elaborated,and the current research status and the next research direction are analyzed.At last,this paper briefly introduces current mainstream vulnerability mining technology,and focuses on the Fuzzing test technology used in this paper.(2)In order to realize the detection of the third-party library used by the application,this paper selects the source of the third-party library,and then runs the hash algorithm,the result is stored in the feature library as the characteristic value,and finally the feature matching method is used to detect which third-party libraries are used for the given Android application.Finally,the experimental analysis shows that the method can effectively detect the third-party library in the app.(3)Based on the detailed study of the features of Android third-party library and vulnerability mining technology,this paper proposes a Fuzzing vulnerability detection technology based on genetic algorithm.On the basis of the traditional Fuzzing test,the third party library is classified firstly,and the common features and the functions with highest coverage of each type of third-party library are summarized.Then the genetic algorithm is improved,and the test case is optimized by using the genetic algorithm,which improves the efficiency of the test case.Finally,on the basis of satisfying the efficiency,in order to make the program appear abnormal faster,a new idea of further optimization of test cases by using known vulnerability types and function features is proposed,with a view to discovering vulnerabilities more quickly.