Research Of Android Third-party SDK Vulnerability Detection Technology Based On Machine Learning

With the rapid development of the Android application market,Android third-party SDKs are more widely used,a large number of applications use third-party SDKs to improve development efficiency.The third-party SDK has implemented a variety of functions and provides them for applications through simple interfaces.This provides great convenience for the development of applications,but it also puts forward high requirements for the security of third-party SDKs.However,in practice,third-party SDKs usually represent the interests of their developers,and there is no uniform development specification and security management,so they tend to have various kinds of potential security issues,which will affect the security of a large number of Android applications.It can be seen that the research on Android third-party SDK vulnerability detection technology is of great significance.This paper designs and implements an Android third-party SDK vulnerability detection system based on machine learning,aiming at detecting two common vulnerabilities in Android third-party SDK.The specific research contents and results of this paper are as follows:1,By deeply studying the security of Android third-party SDK,we summarized two kinds of frequent vulnerabilities.Then,by studying the generation principle,code characteristics and attack methods of these two vulnerabilities,we summarized the necessary conditions for the formation of vulnerabilities,and selected the feature set which is highly relevant to vulnerabilities.2,Through the comprehensive analysis of Android third-party SDKs,we summarized the security-related features of SDK and classified them.Then we designed a reasonable feature storage strategy to implement the normalized storage of feature data.Finally,the SDK basic feature library for vulnerability detection is established.3,The machine learning and deep learning vulnerability detection models of SDKs are trained.Firstly,according to the research of feature processing technology,we developed the methods of feature quantization,feature selection and feature transformation,and formed the standard feature data suitable for machine learning model input.Then,we built a variety of classification models,and completed the optimization and combination of the models in the training process.Finally,the optimal detection model for each type of vulnerabilities is formed,and a vulnerability detection system is implemented.