Research on context-aware Android application vulnerability detection

Bibliographic Details
Main Authors: Jiawei QIN, Hua ZHANG, Hanbing YAN, Nengqiang HE, Tengfei TU
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2021-11-01
Series: Tongxin xuebao
Subjects:
Online Access: http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2021198/
collection DOAJ
description Learning-based vulnerability detection models for Android applications lack semantic features. The extracted features contain noise data unrelated to vulnerabilities, which leads to false positives in the vulnerability detection model. A feature extraction method based on code information slice (CIS) was proposed. Compared with the abstract syntax tree (AST) feature method, the proposed method could more accurately extract the variable information directly related to vulnerabilities and avoid including too much noise data. It contained semantic information of vulnerabilities. Based on CIS and BI-LSTM with an attention mechanism, a context-aware Android application vulnerability detection model, VulDGArcher, was proposed. To address the difficulty of obtaining Android vulnerability data sets, a data set of 41 812 code fragments was built, covering the implicit Intent security vulnerability and the bypass PendingIntent permission audit vulnerability. Of these, 16 218 were vulnerable code fragments. On this data set, VulDGArcher’s detection accuracy can reach 96%, which is higher than that of deep learning vulnerability detection models based on AST features and APP source code features.
format Article
id doaj-art-c2e81252eff742c4b67d792033994fa4
institution Kabale University
issn 1000-436X
language zho
publishDate 2021-11-01
publisher Editorial Department of Journal on Communications
record_format Article
series Tongxin xuebao
topic Android vulnerability detection
deep learning
CIS
semantic characteristics of vulnerabilities
url http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2021198/