Journal on Communications ›› 2021, Vol. 42 ›› Issue (11): 13-27.doi: 10.11959/j.issn.1000-436x.2021198
• Topics: New Technology of Computer Communication and Network System Security • Previous Articles Next Articles
Jiawei QIN1,2, Hua ZHANG1, Hanbing YAN2, Nengqiang HE2, Tengfei TU1
Revised:
2021-09-27
Online:
2021-11-25
Published:
2021-11-01
Supported by:
CLC Number:
Jiawei QIN, Hua ZHANG, Hanbing YAN, Nengqiang HE, Tengfei TU. Research on context-aware Android application vulnerability detection[J]. Journal on Communications, 2021, 42(11): 13-27.
"
方法名 | 描述 |
onCreate (Bundle savedInstanceState) | 初始化activity 组件 |
onClick (View v) | 用户点击操作调用 |
onStart () | 当用户将activity 隐藏到后台调用 |
onCreate () | 初始化service 组件 |
onStart (Intent intent) | 开启service 组件调用 |
onBind (Intent intent) | 开始连接service 组件 |
onUnbind (Intent intent) | 停止与service 组件连接 |
onRebind (Intent intent) | 绑定服务时调用 |
onReceive (Context curContext, Intent broadcastMsg) | 当接收来自其他APP的广播时调用 |
[1] | CHOWDHURY I , ZULKERNINE M . Using complexity,coupling,and cohesion metrics as early indicators of vulnerabilities[J]. Journal of Systems Architecture, 2011,57(3): 294-313. |
[2] | YAMAGUCHI F , WRESSNEGGER C , GASCON H ,et al. Chucky:exposing missing checks in source code for vulnerability discovery[C]// Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. New York:ACM Press, 2013: 499-510. |
[3] | 赵尚儒, 李学俊, 方越 ,等. 安全漏洞自动利用综述[J]. 计算机研究与发展, 2019,56(10): 73-87. |
ZHANG S R , LI X J , FANG Y et al . An overview of automatic exploitation of security vulnerabilities[J]. Computer Research and Development, 2019,56(10): 73-87. | |
[4] | GRO S , TIWARI A , HAMMER C . PIAnalyzer:a precise approach for PendingIntent vulnerability analysis[C]// Computer Security. Berlin:Springer, 2018: 41-59. |
[5] | 过辰楷, 许静, 司冠南 ,等. 面向移动应用软件信息泄露的模型检测研究[J]. 计算机学报, 2016,39(11): 2324-2343. |
GUO C K , XU J , SI G N ,et al. Model checking for software information leakage in mobile application[J]. Chinese Journal of Computers, 2016,39(11): 2324-2343. | |
[6] | WEI F G , ROY S , OU X M ,et al. Amandroid:a precise and general inter-component data flow analysis framework for security vetting of Android apps[C]// Proceedings of the ACM Conference on Computer and Communications Security. New York:ACM Press, 2014: 1329-1341. |
[7] | KLIEBER W , FLYNN L , BHOSALE A ,et al. Android taint flow analysis for app sets[C]// Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis. New York:ACM Press, 2014: 1-6. |
[8] | BAGHERI H , SADEGHI A , GARCIA J ,et al. COVERT:compositional analysis of android inter-app permission leakage[J]. IEEE Transactions on Software Engineering, 2015,41(9): 866-886. |
[9] | LI L , BARTEL A , BISSYANDé T F ,et al. IccTA:detecting inter-component privacy leaks in android apps[C]// Proceedings of 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering. Piscataway:IEEE Press, 2015: 280-291. |
[10] | OCTEAU D , MCDANIEL P , JHA S ,et al. Effective inter-component communication mapping in Android with Epicc:an essential step towards holistic security analysis[C]// Proceedings of the 22nd USENIX Conference on Security. Berkeley:USENIX Association, 2013: 543-558. |
[11] | OCTEAU D , LUCHAUP D , DERING M ,et al. Composite constant propagation:application to android inter-component communication analysis[C]// Proceedings of 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering. Piscataway:IEEE Press, 2015: 77-88. |
[12] | LEE Y K , BANG J Y , SAFI G ,et al. A SEALANT for inter-app security holes in android[C]// Proceedings of 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE). Piscataway:IEEE Press, 2017: 312-323. |
[13] | 王持恒, 陈晶, 苏涵 ,等. 基于宿主权限的移动广告漏洞攻击技术[J]. 软件学报, 2018,29(5): 1392-1409. |
WANG C H , CHEN J , SU H ,et al. Mobile advertising loophole attack technology based on host APP’s permissions[J]. Journal of Software, 2018,29(5): 1392-1409. | |
[14] | DAM H K , TRAN T , PHAM T ,et al. Automatic feature learning for predicting vulnerable software components[J]. IEEE Transactions on Software Engineering, 2021,47(1): 67-85. |
[15] | ZOU D Q , WANG S J , XU S H ,et al. $\mu$μVulDeePecker:a deep learning-based system for multiclass vulnerability detection[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(5): 2224-2236. |
[16] | PERL H , DECHAND S , SMITH M ,et al. VCCFinder:finding potential vulnerabilities in open-source projects to assist code audits[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2015: 426-437. |
[17] | SCANDARIATO R , WALDEN J , HOVSEPYAN A ,et al. Predicting vulnerable software components via text mining[J]. IEEE Transactions on Software Engineering, 2014,40(10): 993-1006. |
[18] | BAN X B , LIU S G , CHEN C ,et al. A performance evaluation of deep-learnt features for software vulnerability detection[J]. Concurrency and Computation:Practice and Experience, 2019,31(19): e5103. |
[19] | LIN G J , ZHANG J , LUO W ,et al. Cross-project transfer representation learning for vulnerable function discovery[J]. IEEE Transactions on Industrial Informatics, 2018,14(7): 3289-3297. |
[20] | WU F , WANG J G , LIU J Q ,et al. Vulnerability detection with deep learning[C]// Proceedings of 2017 3rd IEEE International Conference on Computer and Communications. Piscataway:IEEE Press, 2017: 1298-1302. |
[21] | HOVSEPYAN A , SCANDARIATO R , JOOSEN W ,et al. Software vulnerability prediction using text analysis techniques[C]// Proceedings of the 4th International Workshop on Security Measurements and Metrics.[S.l.:s.n.], 2012: 7-10. |
[22] | MA S Q , THUNG F , LO D ,et al. VuRLE:automatic vulnerability detection and repair by learning from examples[C]// Computer Security– ESORICS 2017. Berlin:Springer, 2017: 229-246. |
[23] | 乐洪舟, 张玉清 . 网络直播平台主播地理位置泄露漏洞的分析与利用[J]. 计算机学报, 2019,42(5): 1095-1111. |
YUE H Z , ZHANG Y Q . Vulnerability analysis and exploitation of location privacy leakage in webcasting platforms[J]. Chinese Journal of Computers, 2019,42(5): 1095-1111. | |
[24] | AVERSANO L , CERULO L , DEL GROSSO C . Learning from bug-introducing changes to prevent fault prone code[C]// Proceedings of Ninth International Workshop on Principles of Software Evolution in Conjunction with the 6th ESEC/FSE Joint Meeting.[S.l.:s.n.], 2007: 19-26. |
[25] | GARG S , BALIYAN N . A novel parallel classifier scheme for vulnerability detection in Android[J]. Computers & Electrical Engineering, 2019,77: 12-26. |
[26] | CURTSINGER C , LIVSHITS B , ZORN B ,et al. ZOZZLE:fast and precise in-browser JavaScript malware detection[C]// Proceedings of the 20th USENIX Conference on Security. Berkeley:USENIX Association, 2011:3. |
[27] | RIECK K , KRUEGER T , DEWALD A . Cujo:efficient detection and prevention of drive-by-download attacks[C]// Proceedings of Proceedings of the 26th Annual Computer Security Applications Conference. New York:ACM Press, 2010: 31-39. |
[28] | FASS A , KRAWCZYK R P , BACKES M ,et al. JaSt:fully syntactic detection of malicious (obfuscated) JavaScript[C]// Detection of Intrusions and Malware,and Vulnerability Assessment. Berlin:Springer, 2018: 303-325. |
[29] | GENCER K , BA??IFT?I F , . Time series forecast modeling of vulnerabilities in the android operating system using ARIMA and deep learning methods[J]. Sustainable Computing:Informatics and Systems, 2021,30: 100515. |
[30] | GRUSKA N , WASYLKOWSKI A , ZELLER A . Learning from 6,000 projects:lightweight cross-project anomaly detection[C]// Proceedings of the 19th International Symposium on Software Testing and Analysis. New York:ACM Press, 2010: 119-130. |
[1] | Li WANG, Aiguo FEI, Ping ZHANG, Lianming XU. Research on new frameworks and key technologies for intelligent emergency command communication networks [J]. Journal on Communications, 2023, 44(6): 1-11. |
[2] | Dongyu CHEN, Hua CHEN, Limin FAN, Yifang FU, Jian WANG. Research on test strategy for randomness based on deep learning [J]. Journal on Communications, 2023, 44(6): 23-33. |
[3] | Rongpeng LI, Bingyan WANG, Honggang ZHANG, Zhifeng ZHAO. Design of knowledge enhanced semantic communication receiver [J]. Journal on Communications, 2023, 44(6): 70-76. |
[4] | Shuai MA, Ke PEI, Huayan QI, Hang LI, Wen CAO, Hongmei WANG, Hailiang XIONG, Shiyin LI. Research on geomagnetic indoor high-precision positioning algorithm based on generative model [J]. Journal on Communications, 2023, 44(6): 211-222. |
[5] | Jie YANG, Biao DONG, Xue FU, Yu WANG, Guan GUI. Lightweight decentralized learning-based automatic modulation classification method [J]. Journal on Communications, 2022, 43(7): 134-142. |
[6] | Jianxin LIAO, Xiaoyuan FU, Qi QI, Jingyu WANG, Haifeng SUN. 6G-ADM: knowledge based 6G network management and control architecture [J]. Journal on Communications, 2022, 43(6): 3-15. |
[7] | Xiuzhang YANG, Guojun PENG, Zichuan LI, Yangqi LYU, Side LIU, Chenguang LI. Research on entity recognition and alignment of APT attack based on Bert and BiLSTM-CRF [J]. Journal on Communications, 2022, 43(6): 58-70. |
[8] | Peiliang ZUO, Shaolong HOU, Chao GUO, Hua JIANG, Wenbo WANG. Security decision method for the edge of multi-layer satellite network based on reinforcement learning [J]. Journal on Communications, 2022, 43(6): 189-199. |
[9] | Sifeng ZHU, Jianghao CAI, Zhengyi CHAI, Enlin SUN. Multi-objective optimal offloading decision for cloud-edge collaborative computing scenario in Internet of vehicles [J]. Journal on Communications, 2022, 43(6): 223-234. |
[10] | Yong LIAO, Shiyi WANG. CSI feedback algorithm based on RM-Net for massive MIMO systems in high-speed mobile environment [J]. Journal on Communications, 2022, 43(5): 166-176. |
[11] | Yurong LIAO, Haining WANG, Cunbao LIN, Yang LI, Yuqiang FANG, Shuyan NI. Research progress of deep learning-based object detection of optical remote sensing image [J]. Journal on Communications, 2022, 43(5): 190-203. |
[12] | Zenghua ZHAO, Yuefan TONG, Jiayang CUI. Device-independent Wi-Fi fingerprinting indoor localization model based on domain adaptation [J]. Journal on Communications, 2022, 43(4): 143-153. |
[13] | Yong LIAO, Gang CHENG, Yujie LI. CSI feedback algorithm based on deep unfolding for massive MIMO systems [J]. Journal on Communications, 2022, 43(12): 77-88. |
[14] | Xueyuan DUAN, Yu FU, Kun WANG, Bin LI. LDoS attack detection method based on simple statistical features [J]. Journal on Communications, 2022, 43(11): 53-64. |
[15] | Junyan HUO, Ruipeng QIU, Yanzhuo MA, Fuzheng YANG. Reference frame list optimization algorithm in video coding by quality enhancement of the nearest picture [J]. Journal on Communications, 2022, 43(11): 136-147. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|