基于静态分析的Android应用事件输入生成方法

doi:10.11959/j.issn.2096-109x.2017.00169

Abstract

Abstract:

A static-analysis-based event input generation approach for Android applications was proposed.Based on the inter-component call graph and the system dependence graph of single component,the event inputs that security-related callbacks depend on were extracted.Furthermore,an event input algorithm was designed to automatically generate event inputs according to Android application runtime.The experimental results show that the proposed method can achieve higher coverage of permission methods and basic components,which can cover more security-related execution paths and help to collect more security-related runtime behaviors during the process of dynamic analysis.

Key words: Android, event input, dynamic analysis, system dependence graph

CLC Number:

TP393

Yi-lin YE,Zhen-ji ZHOU,Zheng HONG,Hui-ying YAN,Li-fa WU. Static-analysis-based event input generation approach for Android application[J]. Chinese Journal of Network and Information Security, 2017, 3(6): 21-32.

Figures/Tables 9

References 24

[1]	XIA M , GONG L , LYU Y ,et al. Effective real-time android application auditing[C]// IEEE Symposium on Security and Privacy. 2015: 899-914.
[2]	BIANCHI A , FRATANTONIO Y , KRUEGEL C ,et al. NJAS:sandboxing unmodified applications in non-rooted devices running stock Android[C]// ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. 2015: 27-38.
[3]	BACKES M , BUGIEL S , HAMMER C ,et al. Boxify:full-fledged app sandboxing for stock android[C]// Usenix Conference on Security Symposium. 2015: 691-706.
[4]	AFONSO V M , AMORIM M F D , GRéGIO A R A ,et al. Identifying Android malware using dynamically obtained features[J]. Journal of Computer Virology and Hacking Techniques, 2015,11(1): 9-17.
[5]	QIU L , ZHANG Z , SHEN Z ,et al. AppTrace:dynamic trace on Android devices[C]// IEEE International Conference on Communications. 2015: 7145-7150.
[6]	Monkey[EB/OL]. .
[7]	MonkeyRunner[EB/OL]. .
[8]	李必信, 李宣东, 郑国梁 . 一种系统依赖图的面向对象扩充方案[J]. 软件学报, 2001,12(2): 241-248.
	LI B X , LI X D , ZHENG G L . An object-oriented extension ap-proach for system dependent graph[J]. Journal of Software, 2001,12(2): 241-248.
[9]	杜林, 江海燕 . 计算面向对象程序切片技术研究[J]. 山东大学学报(工学版), 2008,38(6): 41-47.
	DU L , JIANG H Y . Research on slicing technology of object oriented program[J]. Journal of Shandong University(Engineering Science), 2008,38(6): 41-47.
[10]	AU K W Y , ZHOU Y F , HUANG Z ,et al. PScout:analyzing the Android permission specification[C]// The ACM Conference on Computer and Communications Security. 2012: 217-228.
[11]	MOURA L D , BJORNER N . Z3:an efficient SMT solver[J]. Lecture Notes in Computer Science, 2008,4963: 337-340.
[12]	Apktool[EB/OL]. .
[13]	Androguard[EB/OL]. .
[14]	CHOI S , BIJOU M , SUN K ,et al. API tracing tool for Android-based mobile devices[J]. International Journal of Information and Education Technology, 2015,5(6): 460-465.
[15]	MACHIRY A , TAHILIANI R , NAIK M . Dynodroid:an input generation system for Android apps[C]// Joint Meeting on Foundations of Software Engineering. 2013: 422-434.
[16]	HU C , NEAMTIU I . Automating GUI testing for Android applications[C]// The International Workshop on Automation of Software Test. 2011: 77-83.
[17]	AMALFITANO D , FASOLINO A R , TRAMONTANA P ,et al. Using GUI ripping for automated testing of Android applications[C]// The 27th IEEE/ACM International Conference on Automated Software Engineering,IEEE Computer Society. 2012: 258-261.
[18]	YANG W , PRASAD M R , XIE T . A grey-box approach for automated GUI-model generation of mobile applications[C]// The International Conference on Fundamental Approaches To Software Engineering. 2013: 250-265.
[19]	Robotium[EB/OL]. .
[20]	CHOI W , NECULA G , SEN K . Guided GUI testing of Android Apps with minimal restart and approximate learning[J]. ACM Sigplan Notices, 2013,48(10): 623-640.
[21]	AZIM T , NEAMTIU I . Targeted and depth-first exploration for systematic testing of Android Apps[J]. ACM Sigplan Notices, 2013,48(10): 641-660.
[22]	RASTOGI V , CHEN Y , ENCK W . Appsplayground:automatic security analysis of smartphone applications[C]// ACM Conference on Data and Application Security and Privacy. 2013: 209-220.
[23]	VEEN V V D . Dynamic analysis of Android malware[J]. Internet ＆Web Technology Master thesis,VU University Amsterdam, 2013.
[24]	LINDORFER M , NEUGSCHWANDTNER M , WEICHSELBAUM L ,et al. ANDRUBIS- -1,000,000 apps later:a view on current Android malware behaviors[C]// The 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security,IEEE Computer Society. 2014: 3-17.

Metrics

Recommended 0

No Suggested Reading articles found!

方法	描述
startActivity	启动一个Activity，由参数Intent指定
startActivityForResult	启动一个Activity，由参数Intent指定。新Activity结束后，返回
sendBroadcast	发送一个广播，广播接收者由Intent内封装的数据指定
sendOrderBroadcast	发送一个按序事件广播，具有权限的接收者按优先级高低接收广播
sendStickyBroadcast	发送一个留存广播，接收者处于活跃状态时，便能接收到广播
startService	启动一个服务，服务对象由Intent指定
bindService	绑定一个服务，服务对象由Intent指定

回调方法	注册方式
	匿名内部类实现
UI事件回调方法	内部类实现
	接口实现
	属性方法
	系统事件监听器
系统事件回调方法	系统事件广播接收者
	系统内容提供者回调方法

事件监听器	注册方式	回调方法	事件类型
OnAttachStateChangeListener	setOnAttachStateChangeListener	onAttachStateChange	关联状态改变事件
OnClickListener	setOnclickListener	onClick	单击事件
OnCreateContextMenuListener	setOnCreateContextMenuListener	onCreateContextMenu	菜单创建事件
OnDragListner	setOnDragListener	startDrag	拖拽事件
OnFocusChangeListener	setOnFocusChangeListener	onFocusChange	焦点改变
OnGenericMotionListener	setOnGenericMotionListener	onGenericMotionEvent	普通移动事件
OnHoverListener	setOnHoverListener	onHover	悬停事件
OnKeyListener	setOnKeyListener	onKey	键盘事件
OnLayoutChangeListener	setOnLayoutChangeListener	onLayoutChange	布局改变
OnLongClickListner	setOnLongClickListener	onLongClick	长按事件
OnTouchListner	setOnTouchListener	onTouch	触摸事件

参数	说明
--ignore-security-exceptions	忽略安全异常
-s SEED	随机种子，与事件序列秩序相关
--throttle	事件间隔时间

实验测试工具	整体方法覆盖率			权限方法覆盖率			组件覆盖率
实验测试工具	180 s	240 s	300 s	180 s	240 s	300 s	180 s	240 s	300 s
Monkey	19.54%	27.12%	32.30%	10.09%	15.67%	19.37%	29.91%	35.63%	40.33%
MonkeyRunner	22.76%	29.58%	34.29%	16.72%	23.61%	28.92%	31.62%	42.56%	48.15%
本文方法	17.23%	24.75%	30.66%	50.13%	61.56%	71.22%	49.24%	60.87%	67.36%

Static-analysis-based event input generation approach for Android application

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 24

Related Articles 15

Metrics

Recommended 0

相关工作	普通应用代码覆盖率	恶意应用代码覆盖率	整体代码覆盖率
Andrubis	27.74%	27.80%	—
AppsplayGround	—	—	33%
Tracedroid	38.49%	27.61%	—
本文方法	30.66%	32.52%	—

[1]	Zhanhui YUAN, Zhi YANG, Hongqi ZHANG, Shuyuan JIN, Xuehui DU. Android complex information flow analysis method based on communicating sequential process [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 156-168.
[2]	Fan CHAO, Zhi YANG, Xuehui DU, Bing HAN. Classified risk assessment method of Android application based on multi-factor clustering selection [J]. Chinese Journal of Network and Information Security, 2021, 7(2): 161-173.
[3]	Xin ZHANG,Weizhong QIANG,Yueming WU,Deqing ZOU,Hai JIN. Mining behavior pattern of mobile malware with convolutional neural network [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 35-44.
[4]	Fan CHAO,Zhi YANG,Xuehui DU,Yan SUN. Android malware detection method based on deep neural network [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 67-79.
[5]	Ning FANG,Weibing CAO,Donghe NI,Guandong DI. Accelerating cryptographic computation with parallel computing mechanisms in Android platform [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 50-55.
[6]	Da XIAO,Bohan LIU,Baojiang CUI,Xiaochen WANG,Suoxing ZHANG. Malware prediction technique based on program gene [J]. Chinese Journal of Network and Information Security, 2018, 4(8): 21-30.
[7]	Futian SHI,Jian MAO,Jianwei LIU. Review of side-channel privacy inference of Android mobile devices [J]. Chinese Journal of Network and Information Security, 2018, 4(4): 12-21.
[8]	Xiaoyan ZHU,Hui ZHANG,Jianfeng MA. Privacy protection system based on Hook for Android [J]. Chinese Journal of Network and Information Security, 2018, 4(4): 38-47.
[9]	Jieming GU,Bowen SUN,Peng WU,Qi LI,Yanhui GUO. Anti-obfuscation Android application similarity detection method based on API call [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 63-68.
[10]	Dong ZHANG,Yao ZHANG,Gang LIU,Gui-xiang SONG. Research on host malcode detection using machine learning [J]. Chinese Journal of Network and Information Security, 2017, 3(7): 25-32.
[11]	Hui-ying YAN,Zhen-ji ZHOU,Li-fa WU,Zheng HONG,He SUN. Symbolic execution based control flow graph extraction method for Android native codes [J]. Chinese Journal of Network and Information Security, 2017, 3(7): 33-46.
[12]	Ya-wei WANG,Chang-gen PENG,Hong-fa DING,Kai ZHOU. Identity authentication scheme of Android client based on identifiers [J]. Chinese Journal of Network and Information Security, 2017, 3(4): 32-38.
[13]	Xiao-min ZHANG,Jing LUI,Jun-xi ZHUANG,Ying-xu LAI. Research on Android malware detection based on permission and behavior [J]. Chinese Journal of Network and Information Security, 2017, 3(3): 51-57.
[14]	Yi-min YANG,Tie-ming CHEN. Android malware family classification method based on the image of bytecodeConstruction of MDS matrices [J]. Chinese Journal of Network and Information Security, 2016, 2(6): 38-43.
[15]	Yue-xiu XING,Ai-qun HU,Yong-jian WANG,Ran ZHAO. Research on multi-dimensional iOS privacy disclosure evaluation model [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 73-79.

实验测试工具	整体方法覆盖率			权限方法覆盖率			组件覆盖率
实验测试工具	180 s	240 s	300 s	180 s	240 s	300 s	180 s	240 s	300 s
Monkey	20.68%	29.35%	33.12%	12.61%	17.53%	20.95%	31.27%	37.83%	42.19%
MonkeyRunner	24.56%	30.96%	36.18%	19.24%	26.37%	30.41%	34.29%	45.22%	50.71%
本文方法	18.97%	26.41%	32.52%	52.13%	63.56%	75.16%	53.24%	63.09%	70.67%