| Nowadays,the popularity of smart phones has led to the development of mobile application software,making it a part of our daily life.The diversity of mobile applications enables them to provide great convenience for every aspect of users'lives.As an operating system based on Linux,Android system has occupied the vast majority of the market share for many years,and has become the dominant force in the field of mobile operating system.However,Android applications are facing security threats from vulnerabilities.Common privilege escalation vulnerabilities enable an attacker to obtain sensitive information or perform dangerous operations without the user's knowledge,which puts the user's privacy and data security at risk at all times.Based on this background,this paper has done relevant research,the contents and results are as follows:(1)The common privilege escalation vulnerabilities in Android applications are studied,the vulnerability principle and attack scenarios are analyzed,and the vulnerability formation factor expression(EMPC)is summarized.Based on this expression,the features with high correlation with the cause of vulnerabilities are selected for subsequent model training from basic features of Android application.(2)According to the above selected features,this paper proposes an Android application privilege escalation vulnerability detection scheme based on machine learning.According to the characteristics of the selected samples and the collected samples,the corresponding preprocessing strategies are formulated in the scheme.Because of the high dimensionality of the initial selected features based on expression,the work done in the feature preprocessing in this paper includes dimensionality reduction and so on.Because the number of samples collected is not balanced,in the training stage,this paper adopts two ideas:one is to train the binary classifier to predict vulnerability samples and benign samples;the other is to train the one-class classification model to complete the anomaly detection of vulnerability samples.In the process of training the binary classifier,we balance the samples,including the random down-sampling of benign samples and the generation of vulnerability samples.The paper proposes a method of calculating the importance of samples based on the feature importance in random forests,and a method of SMOTE samples generating based on these important samples.Then we use the idea of ensemble learning to merge the base classifier.The experimental results show that the detection framework designed and implemented in this paper can effectively detect vulnerability components in Android applications. |
PDF Full Text Request