Android has consistently led the mobile operating system market, holding over 85% share in recent years. Meanwhile, the emerging vulnerabilities in Android attract many security researchers. Unlike vulnerabilities in Android apps, vulnerabilities in Android binary files such as executable programs and system libraries are more dangerous, since they can affect different versions of the Android system and different devices. Therefore, research on vulnerability discovery for Android is of great significance for protecting users' private data and property.

Fuzzing is the most popular vulnerability mining technique for the Android platform, but current work uses random mutations to generate testcases for fuzzing Android apps and the ioctl system call. To address the weaknesses of traditional fuzzing, we study a fuzzing-based vulnerability discovery method for Android platform system libraries, executable programs and other binary files, and propose a testcase generation technique based on deep learning and a genetic algorithm. Our innovations and major work are as follows.

1. We improve existing genetic-algorithm-based fuzzing and define the validity degree of a testcase as the number of new paths that testcase executes. The validity degree is determined by analysing the coverage information obtained through instrumentation, and it is used as the fitness value in the genetic algorithm. Testcases with the highest fitness, i.e. those most likely to find a new path, are selected preferentially, and the specific mutation operations make the coverage rate of the fuzzing improve continuously.

2. We propose a testcase generation method based on deep learning. We construct a testcase generation model using LSTM as the basic unit, then design and implement a testcase generation module based on deep learning. When generating testcases with the model, a random algorithm is used to produce testcases with a basically correct format, which increases the initial coverage of fuzzing.

3. Since dynamic instrumentation on Android heavily affects execution efficiency, we use LLVM (Low Level Virtual Machine) and Clang source code instrumentation, built on the Android open source code and its system build environment, to implement fuzzing. Acquiring coverage information this way during execution avoids both the compilation of assembly code and the extra time consumed during program execution.

4. Based on deep learning, instrumentation, genetic algorithms and the Android-specific tombstone mechanism, we design and implement Andro Fuzz, a prototype vulnerability discovery tool that fuzzes Android platform binary files.

5. We conduct experiments on devices and emulators running multiple Android system versions, and analyse the security problems discovered by Andro Fuzz. The experimental results show that the deep-learning-based testcase generation scheme effectively improves the initial coverage of fuzzing. Andro Fuzz can effectively find vulnerabilities in Android binary files, including two previously undiscovered vulnerabilities and four vulnerabilities that had already been found, which demonstrates its feasibility and effectiveness.
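The genetic selection of point 1, as an added illustration that is not Andro Fuzz's own code: the validity degree of a testcase is the number of coverage edges it reaches that no earlier testcase reached, and that number is used directly as the fitness that decides which testcases are mutated next. The target, its edge ids and the mutation operators are constructed here to stand in for a Clang-instrumented binary.

```python
import random

def run_target(data: bytes) -> set:
    """Constructed toy target standing in for an instrumented Android binary:
    returns the set of edge ids executed, as coverage instrumentation would."""
    edges = {0}
    if data[:4] == b"ANDR":
        edges.add(1)
        if len(data) > 4 and data[4] == 0x01:
            edges.add(2)
            if data[5:8] == b"LIB":
                edges.add(3)
        elif len(data) > 4 and data[4] == 0x02:
            edges.add(4)
    return edges

def validity_degree(edges: set, global_cov: set) -> int:
    """Number of edges this testcase reached that no earlier testcase had
    reached; this is the fitness value of the genetic algorithm."""
    return len(edges - global_cov)

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Byte-level mutation (constructed): overwrite, insert or delete one byte."""
    d = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and d:
        d[rng.randrange(len(d))] = rng.randrange(256)
    elif op == 1:
        d.insert(rng.randrange(len(d) + 1), rng.randrange(256))
    elif op == 2 and len(d) > 1:
        del d[rng.randrange(len(d))]
    return bytes(d)

def fuzz(seeds, generations: int, pop_size: int, seed: int = 0):
    """Genetic loop: fitness is the validity degree recorded when a testcase
    first ran; the fittest testcases survive and are mutated preferentially."""
    rng = random.Random(seed)
    global_cov: set = set()
    population = []  # list of (fitness, testcase)
    for s in seeds:
        edges = run_target(s)
        population.append((validity_degree(edges, global_cov), s))
        global_cov |= edges
    for _ in range(generations):
        population.sort(key=lambda p: p[0], reverse=True)
        parents = population[:max(1, pop_size // 2)]  # preferential selection
        for _ in range(pop_size):
            child = mutate(rng.choice(parents)[1], rng)
            edges = run_target(child)
            population.append((validity_degree(edges, global_cov), child))
            global_cov |= edges
        population = sorted(population, key=lambda p: p[0], reverse=True)[:pop_size]
    return global_cov, population
```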