Android Application Vulnerability Detection System Based On Deep Learning

With the increase of Android Applications,there are more and more security vulnerabilities.Static detection,dynamic detection,taint analysis and machine learning are currently common methods of vulnerability analysis.However,in taint analysis,current research still has some shortcomings in the detection of communication between Android components and the analysis of implicit information flow.At the same time,in the method of using deep learning,there is no research on the extraction and classification of source code.To solve these problems,this thesis proposes an Android Application vulnerability detection model based on deep learning.First,the taint analysis method is used to detect the vulnerability data flow in Android(including the communication data flow between components),then the implicit information flow is detected,and finally a vulnerability detection model is proposed.The main work is as follows:1.A data flow identification scheme between Android components is proposed.We first extract an APK communication link between components through the IC3 tool,and then use code modification to convert the communication data flow between components into a form that FlowDroid can recognize to identify the data flow between components.2.A method to detect Android implicit information flow is proposed.We use information flow control analysis to generate system dependency graphs and program dependency graphs,on this basis,generate inter-process control flow graphs,and find out the implicit information flow from the graphs.3.An Android Application vulnerability detection model based on deep learning is proposed.On the basis of the first two steps,we use natural language processing technology to convert the extracted data stream code into word vectors,and input the neural network for training to obtain our Android Application vulnerability detection model.In addition to detecting communication vulnerabilities and implicit information flows between components that are ignored by other tools,this method also eliminates the feature engineering steps required by other machine learning methods.