CN108595952A - A detection method and system for electric power mobile application software vulnerabilities

Info

Publication number: CN108595952A
Application number: CN201810276201.2A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: detection; application software; denial; function api; service vulnerability
Inventors: 陈璐, 孙歆, 刘行, 韩嘉佳, 邵志鹏, 陈牧, 李尼格, 戴造建, 李勇, 张波, 华晔, 管小娟, 方文高
Current Assignee: State Grid Zhejiang Electric Power Co Ltd; Global Energy Interconnection Research Institute Co Ltd; Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd; State Grid Corp of China SGCC
Original Assignee: State Grid Zhejiang Electric Power Co Ltd; Global Energy Interconnection Research Institute Co Ltd; Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd; State Grid Corp of China SGCC
Application filed by: State Grid Zhejiang Electric Power Co Ltd, Global Energy Interconnection Research Institute Co Ltd, Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd, State Grid Corp of China SGCC
Priority to: CN201810276201.2A


Abstract

A method and system for detecting vulnerabilities in electric power mobile application software, comprising: performing static detection on the installation package of the application software under test based on a predefined local denial-of-service vulnerability security rule file; driving the application software under test to run through an automated test plug-in and, while it runs, performing dynamic detection by monitoring the feature function APIs listed in the local denial-of-service vulnerability security rule file. The predefined local denial-of-service vulnerability security rule file consists of the feature function APIs and exception handling of local denial-of-service vulnerabilities, compiled from such vulnerabilities. By combining static and dynamic detection, the invention makes up both for the weakness of static detection, which targets specific characteristics of the program code and tests program functionality comparatively little, and for the weakness of dynamic detection, which infers from the observed behavior of the software under test and is very inefficient, thereby improving the accuracy of the detection results.

Description

A detection method and system for electric power mobile application software vulnerabilities

Technical field

The invention relates to the field of information security, and in particular to a method and system for detecting vulnerabilities in electric power mobile application software.

Background

At present, research has identified a class of vulnerabilities, local denial-of-service vulnerabilities, that can not only cause the protection functions of security applications (for example antivirus applications, security guards and anti-theft lock screens) to be bypassed or disabled, but can also be exploited by competitors' applications to crash electric power mobile applications, causing economic losses of varying degrees.

However, existing static detection methods generally have limitations: it is difficult to obtain the source code of the target site. Automated static detection can hardly recover the full execution logic of the source code, which leads to high false-positive and false-negative rates. In addition, scalability is relatively poor, and as vulnerability databases keep growing, the false-negative and false-positive rates of testing remain relatively high. Static detection targets specific characteristics of the program code and tests program functionality comparatively little.

The weakness of dynamic detection methods that simulate the attack process is that unsuitable attack vectors can cause a high false-negative rate. The set of attack-vector samples therefore has to be large enough to reduce the false-negative rate of the results, but an overly large sample set makes detection inefficient. Moreover, detection that infers from the observed behavior of the software under test is very inefficient when the location of the defect cannot be determined. Dynamic detection requires testers who understand the structure and functions of the target program well and who have a high level of professional skill and practical experience. In large-scale projects, dynamic detection is constrained by staffing and many other factors; it is also highly real-time and resource-intensive, which can interfere with users' normal use of their phones. There is therefore still no solution for detecting vulnerabilities in electric power mobile application software efficiently and accurately.

Summary of the invention

To overcome the above shortcomings of the prior art, the invention provides a method and system for detecting vulnerabilities in electric power mobile application software. It analyzes local denial-of-service vulnerability information and extracts the corresponding feature function APIs into a security rule file. Static detection then matches the feature function APIs, and dynamic detection hooks calls to the feature function APIs, so that electric power application software is analyzed automatically for the relevant vulnerabilities, reducing the harm caused by malicious application software.

The technical solution provided by the invention is a method for detecting vulnerabilities in electric power mobile application software, comprising:

performing static detection on the installation package of the application software under test based on a predefined local denial-of-service vulnerability security rule file;

driving the application software under test to run through an automated test plug-in and, while it runs, performing dynamic detection by monitoring calls to the feature function APIs listed in the local denial-of-service vulnerability security rule file;

wherein the predefined local denial-of-service vulnerability security rule file consists of the feature function APIs and exception handling of local denial-of-service vulnerabilities, compiled from such vulnerabilities.

Preferably, performing static detection on the installation package of the application software under test based on the predefined local denial-of-service vulnerability security rule file includes:

parsing the predefined local denial-of-service vulnerability security rule file and saving the feature function APIs and exception handling in a rule pool;

decompiling the application file under test to obtain intermediate code;

parsing the intermediate code to generate an abstract syntax tree, and parsing the abstract syntax tree to obtain the current file information;

matching feature function APIs and exception handling based on the current file information and the rule pool, and writing the matching results into a result set.

Preferably, parsing the abstract syntax tree to obtain the current file information includes:

parsing the abstract syntax tree according to the syntax tree structure;

saving the call information and exception-handling information of the feature function APIs into the current file information.

Preferably, matching feature function APIs and exception handling based on the current file information and the rule pool and writing the matching results into the result set includes:

matching the feature function APIs in the current file information against the feature function APIs in the rule pool;

after a successful match, traversing the exception-handling information in the current file information: if exception handling is performed at the matched feature function API, there is no local denial-of-service vulnerability; otherwise there is a local denial-of-service vulnerability;

writing the matching results into the result set.

Preferably, driving the application software under test to run through the automated test plug-in includes:

obtaining the UI information of the current page through the automated test plug-in and transmitting it to the dynamic detection engine;

the dynamic detection engine parsing the UI information, generating commands such as install, click and uninstall, and sending them to the automated test plug-in, which drives the software under test to execute those commands.

Preferably, performing dynamic detection while the application software under test runs by monitoring calls to the feature function APIs in the local denial-of-service vulnerability security rule file includes:

monitoring, through the dynamic monitoring plug-in, whether the application software under test calls a feature function API while running; if a feature function API is called, recording the call information and sending it to the dynamic detection engine for analysis; otherwise continuing to monitor.

Preferably, the dynamic monitoring plug-in is determined according to Xposed and the feature function APIs of local denial-of-service vulnerabilities.

Preferably, the local denial-of-service vulnerabilities include: null pointer exceptions, data type conversion exceptions, array access out-of-bounds exceptions and class-not-defined exceptions.

Preferably, the feature function API of a local denial-of-service vulnerability includes: namespace, class name, method name and parameter list.

Preferably, the detection method further includes:

generating a detection report by combining the static results obtained by static detection with the dynamic results obtained by dynamic detection.

Based on the same inventive concept, the invention also provides a system for detecting vulnerabilities in electric power mobile application software, comprising:

Static detection module: used to perform static detection on the installation package of the application software under test based on the predefined local denial-of-service vulnerability security rule file;

Dynamic detection module: used to drive the application software under test to run through the automated test plug-in and, while it runs, to perform dynamic detection by monitoring calls to the feature function APIs listed in the local denial-of-service vulnerability security rule file;

Preprocessing module: used to predefine the local denial-of-service vulnerability security rule file from the feature function APIs and exception handling of local denial-of-service vulnerabilities, compiled from such vulnerabilities.

Preferably, the static detection module includes:

Rule parser: used to parse the predefined local denial-of-service vulnerability security rule file and save the feature function APIs and exception handling in the rule pool;

Source code decompiler: used to decompile the application file under test to obtain intermediate code;

Code parser: used to parse the intermediate code to generate an abstract syntax tree, and to parse the abstract syntax tree to obtain the current file information;

Rule matcher: used to match feature function APIs and exception handling based on the current file information and the rule pool, and to write the matching results into a result set.

Compared with the closest prior art, the technical solution provided by the invention has the following beneficial effects:

1. On the one hand, the technical solution performs static detection on the installation package of the application software under test based on a predefined local denial-of-service vulnerability security rule file; on the other hand, it drives the application software under test to run through an automated test plug-in and, while it runs, performs dynamic detection by monitoring the feature function APIs in the rule file. The predefined rule file consists of the feature function APIs and exception handling of local denial-of-service vulnerabilities, compiled from such vulnerabilities. By combining static and dynamic detection, the solution makes up both for the weakness of static detection, which targets specific characteristics of the program code and tests program functionality comparatively little, and for the weakness of dynamic detection, which infers from the observed behavior of the software under test and is very inefficient, thereby improving the accuracy of the detection results.

2. The technical solution does not need a large number of attack samples. It uses the dynamic monitoring plug-in to hook the feature function APIs and combines this with automated testing, which reduces resource consumption and preserves detection efficiency.

3. In the technical solution, the input to static detection is an abstract syntax tree, which preserves the completeness of the information about the application under test better than the traditional static vulnerability detection approach of extracting the application's source code.

4. In the technical solution, dynamic detection relies on automated testing, in which a program replaces a person in simulating a user's everyday operations. It can test the electric power mobile application software automatically and trigger calls to the feature function APIs of local denial-of-service vulnerabilities, so that the monitoring program can record the call information.

5. The technical solution generates local denial-of-service vulnerability security rules by analyzing the characteristics of such vulnerabilities and combining a series of techniques such as text information collection, text classification, text feature extraction and code feature extraction. The rules can be upgraded and optimized adaptively as system versions and vulnerabilities change, continuously improving the usability and timeliness of the detection method.

Description of drawings

Fig. 1 is a flow chart of the method of the invention for detecting vulnerabilities in electric power mobile application software;

Fig. 2 is a flow chart of rule parsing in an embodiment of the invention;

Fig. 3 is a flow chart of code parsing in an embodiment of the invention;

Fig. 4 is a flow chart of rule matching in an embodiment of the invention;

Fig. 5 is a flow chart of dynamic detection in an embodiment of the invention;

Fig. 6 is a flow chart of obtaining a detection report through static detection and dynamic detection in an embodiment of the invention.

Detailed description

For a better understanding of the invention, its content is further described below with reference to the accompanying drawings and examples.

The main goal of this embodiment is to propose a method for detecting vulnerabilities in electric power mobile application software. The method matches feature function APIs through a combination of static detection and dynamic detection in order to find local denial-of-service vulnerabilities in electric power mobile application software.

The method for detecting vulnerabilities in electric power mobile application software shown in Fig. 1 includes:

Step S101: perform static detection on the installation package of the application software under test based on the predefined local denial-of-service vulnerability security rule file;

Step S102: drive the application software under test to run through the automated test plug-in and, while it runs, perform dynamic detection by monitoring calls to the feature function APIs in the local denial-of-service vulnerability security rule file;

Step S103: the predefined local denial-of-service vulnerability security rule file consists of the feature function APIs and exception handling of local denial-of-service vulnerabilities, compiled from such vulnerabilities.

The specific steps of the static detection provided in this embodiment are as follows:

1) Source code decompiler: Android applications are released as APK files, which contain the application manifest file, application resources, compiled code files and so on. The input to static analysis is generally program source code or intermediate code (such as Java bytecode). Because the source code of an Android application is hard to obtain, this document uses the abstract syntax tree of the smali intermediate code as the intermediate representation. Intermediate code is a different representation of the source program, also called intermediate language or intermediate representation. Intermediate code representations differ in level and purpose. APK decompilation is the groundwork for static analysis: the apktool tool released by Google is used to decompile the APK file into smali code files.

2) Rule parser: the local denial-of-service vulnerability security rule file is produced by extracting the text information of the vulnerability and saving it as nodes in an XML file. The typical code characteristics of local denial-of-service vulnerabilities are as follows:

Denial of service caused by NullPointerException arises because the program does not check data obtained from getAction() and similar calls for null, which leads to a null pointer exception and crashes the application.

Denial of service caused by ClassCastException arises because the program casts data obtained from getSerializableExtra() and similar calls without checking its type, which leads to a type conversion exception and crashes the application.

Denial of service caused by IndexOutOfBoundsException arises because the program does not check the size of the array obtained from getIntegerArrayListExtra() and similar calls, which leads to an out-of-bounds array access and crashes the application.

Denial of service caused by ClassNotFoundException arises because the program cannot find the class definition of the serialized class object obtained from getSerializableExtra(), so a class-not-defined exception occurs and crashes the application.

From this, the feature function API of local denial-of-service vulnerabilities can be summarized as (namespace.class name.method name(parameter list)):

android.content.Intent.get...Extra(String name)

Trigger condition: check whether exceptions are caught when the data obtained by get...Extra() is processed. If they are not, there is a security risk.

The program calls the ExceptionAnalyzer parser to parse the feature function API information out of the rule file and save it in the corresponding rule pool.

As shown in Fig. 2, the specific flow of rule parsing is as follows:

Step S201: generate the local denial-of-service security rule file. Based on the characteristics of local denial-of-service vulnerabilities, the security rules are generated by combining text information collection, text classification, text feature extraction and code feature extraction. That is, the namespace, class name, parameters and so on of each feature function API are looked up in the official API documentation, the detection rule for the vulnerability is obtained from further research, and the feature function APIs and detection rules are compiled into the local denial-of-service security rule file. The text information of the local denial-of-service vulnerability is extracted and saved as nodes in an XML file;

Step S202: read the rule content;

Step S203: call the ExceptionAnalyzer parser to parse the feature function API information and detection rules out of the XML file;

Step S204: save the parsed feature function API information and vulnerability handling information in the rule pool.

3) Code parser: this embodiment uses the AST (abstract syntax tree) as the intermediate representation. Generating the corresponding AST from the intermediate code is the basis for the subsequent program analysis. The choice of the concrete form of the AST, that is, how much information the AST contains, affects the efficiency of program analysis.

Provided the AST contains the information that program analysis needs, the less other information it contains, the higher the time and space efficiency of the analysis. Whether the AST is generated correctly determines the success or failure of the subsequent program analysis.

Many popular compilers use the AST as their intermediate representation. A compiler's AST must contain enough detail to complete code generation, and before code generation the compiler performs code optimization through data-flow analysis. Because the data-flow analysis algorithm used in program slicing borrows from the data-flow analysis algorithms of compiler code optimization, only at a coarser (statement-level) granularity, this embodiment uses a compiler front end to generate the AST.

The generated AST contains all the information in the intermediate code file. The AST is parsed, and the vulnerability information and exception-handling information in it are stored in the current file information as the basis for the subsequent security rule matching.

Local denial-of-service vulnerabilities arise mainly because no exception handling is performed around the feature function API, so the exception-handling information in the file has to be recorded.

As shown in Fig. 3, the specific flow of code parsing is as follows:

Step S301: perform header file processing, macro processing, syntax analysis and lexical analysis on the source code in turn to generate the AST;

Step S302: parse the AST according to the structure of the abstract syntax tree, and store the call information and exception-handling information of the feature function APIs in the current file information.

4) Rule matcher

The rules fall into four categories: single-API matching rules, exception-handling judgment rules, complex-API matching rules, and AndroidManifest.xml file matching rules. All rules are applied to each method in the application: all function calls and register information in the method are matched against the different rule pools, and the matched rules are written into the result set.

The local denial-of-service vulnerability security rules in this embodiment are exception-handling judgment rules.

As shown in Fig. 4, the flow of rule matching in this embodiment is as follows:

Step S401: match feature function APIs based on the current file information and the pre-generated rules to be checked;

Step S402: traverse the exception-handling information in the current file information. If exception handling is performed at the matched feature function API, there is no local denial-of-service vulnerability; otherwise there is a local denial-of-service vulnerability.
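The static path described above (rule parser, code parser, rule matcher), as an added Python example that is not code from the patent. The XML rule layout, the sample smali and the class com.example.power.MeterActivity are constructed assumptions, and a call counts as handled when any try range in the same method covers it, without checking the caught type.

```python
import re
import xml.etree.ElementTree as ET

# Constructed rule file; the element and attribute names are assumptions.
RULE_XML = """<rules>
  <rule id="local-dos-intent-extra">
    <api namespace="android.content" class="Intent" method="get...Extra"/>
  </rule>
</rules>"""
# Constructed, trimmed smali for a hypothetical class (not real apktool output).
SMALI = """.class public Lcom/example/power/MeterActivity;
.method private show(Landroid/content/Intent;)V
    const-string v0, "meter"
    invoke-virtual {p1, v0}, Landroid/content/Intent;->getSerializableExtra(Ljava/lang/String;)Ljava/io/Serializable;
    move-result-object v1
    :try_start_0
    invoke-static {v1}, Lcom/example/power/Meter;->show(Ljava/lang/Object;)V
    :try_end_0
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
    :catch_0
    return-void
.end method
.method protected onNewIntent(Landroid/content/Intent;)V
    :try_start_0
    const-string v0, "ids"
    invoke-virtual {p1, v0}, Landroid/content/Intent;->getIntegerArrayListExtra(Ljava/lang/String;)Ljava/util/ArrayList;
    move-result-object v1
    :try_end_0
    .catchall {:try_start_0 .. :try_end_0} :catchall_0
    :catchall_0
    return-void
.end method
.method private load(Landroid/content/Intent;)V
    const-string v0, "path"
    invoke-virtual {p1, v0}, Landroid/content/Intent;->getStringExtra(Ljava/lang/String;)Ljava/lang/String;
    return-void
.end method
"""

INVOKE = re.compile(r"^invoke-\S+ \{[^}]*\}, L([^;]+);->([^(]+)\(")
CATCH = re.compile(r"^\.catch(?:all|\s+L[^;]+;)\s*\{(:\S+) \.\. (:\S+)\}")


def parse_rules(xml_text):
    """Rule parser: load each feature-function API into the rule pool."""
    pool = []
    for rule in ET.fromstring(xml_text).iter("rule"):
        api = rule.find("api")
        # "get...Extra" stands for every getXxxExtra method of the class.
        parts = [re.escape(p) for p in api.get("method").split("...")]
        pool.append({"id": rule.get("id"),
                     "class": api.get("namespace") + "." + api.get("class"),
                     "method": re.compile(r"\w*".join(parts) + "$")})
    return pool


def parse_smali(text):
    """Code parser: per method, record call sites, label positions, try ranges."""
    methods, cls, cur = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(".class"):
            cls = line.split()[-1][1:-1].replace("/", ".")
        elif line.startswith(".method"):
            cur = {"where": cls + "." + line.split()[-1].split("(")[0],
                   "calls": [], "labels": {}, "tries": [], "n": 0}
        elif line.startswith(".end method"):
            methods.append(cur)
            cur = None
        elif cur is None or not line:
            continue
        elif CATCH.match(line):
            cur["tries"].append(CATCH.match(line).groups())
        elif line.startswith(":"):
            cur["labels"][line] = cur["n"]  # a label marks the next instruction
        elif not line.startswith((".", "#")):
            inv = INVOKE.match(line)
            if inv:
                cur["calls"].append((cur["n"], inv.group(1).replace("/", "."), inv.group(2)))
            cur["n"] += 1
    return methods


def match(file_info, pool):
    """Rule matcher: a feature-API call outside every try range [start, end) is a finding."""
    results = []
    for m in file_info:
        ranges = [(m["labels"][s], m["labels"][e]) for s, e in m["tries"]]
        for idx, cls, name in m["calls"]:
            for rule in pool:
                if cls == rule["class"] and rule["method"].match(name):
                    results.append({"rule": rule["id"], "where": m["where"], "api": name,
                                    "vulnerable": not any(s <= idx < e for s, e in ranges)})
    return results


def scan(rule_xml=RULE_XML, smali=SMALI):
    """Run rule parsing, code parsing and matching; return the result set."""
    return match(parse_smali(smali), parse_rules(rule_xml))
```

`scan()` returns the result set. The `show` method is reported even though it contains a try block, because that block does not cover the `getSerializableExtra` call.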

The dynamic detection method provided in this embodiment proceeds as follows:

First, the Xposed framework is installed on the test device, followed by a dynamic monitoring plug-in developed from the feature-function APIs of local denial-of-service vulnerabilities. In this embodiment the dynamic monitoring plug-in is a hook function that monitors whether the application software calls a feature-function API while it is running. The plug-in also monitors the system keyboard and captures user input as a source of sensitive data. As it collects this information, the plug-in sends it back over a socket to the dynamic detection engine for application vulnerability analysis.

Dynamic detection runs the software under test in a closed environment, where nothing drives the test, so the dynamic detection method uses automated testing technology. Automated testing replaces a human with a program that simulates a user's everyday operations; it can automatically exercise the power mobile application software under test and trigger the relevant malicious code, so that the monitoring program can record the call information.

In this program, automated testing is implemented by a purpose-written auxiliary tool that continuously interacts with the dynamic detection engine. The auxiliary tool continuously sends the UI information of the current page to the dynamic detection engine; the engine analyzes the UI and uses a traversal algorithm to send commands to the current page, mainly install, click and uninstall commands, so that the software under test is executed automatically.

As shown in Figure 5, the dynamic detection process in this embodiment is as follows:

Step S501: Install the APK to be detected on the mobile terminal;

Step S502: The Xposed-based dynamic monitoring plug-in monitors whether the mobile terminal calls a feature-function API; in addition, the automated test plug-in passes the mobile terminal's UI to the dynamic detection engine, which analyzes the UI information and then sends commands to the automated test plug-in, including install, click and uninstall.

Step S503: As the automated test plug-in obtains information, it sends it back over a socket to the dynamic detection engine for application vulnerability analysis.

The method provided in this embodiment for detecting local denial-of-service vulnerabilities in power mobile application software is based mainly on feature-function APIs: static detection matches the feature-function APIs and then checks for exception handling, while dynamic detection hooks calls to the feature-function APIs.

As shown in Figure 6, the steps for obtaining a detection report through static and dynamic detection are as follows:

Obtain the APK file to be detected;

Perform static detection and dynamic detection separately;

Static detection mainly comprises a source code decompiler, a rule parser, a code parser and a rule matcher.

1) The source code decompiler uses a decompilation tool to obtain Android Smali source code from the executable APK application, together with some important files of the Android application, such as the AndroidManifest.xml file.

2) The rule parser reads the security rule file for local denial-of-service vulnerabilities in power mobile applications into the program, parses the feature-function API node information in the rule file, and saves it to the corresponding rule pool.

3) The code parser performs lexical and syntactic analysis of the source program, abstracts sufficient information and converts it into an intermediate representation, and generates a specific syntax tree structure as needed to facilitate subsequent analysis.

4) The rule matcher, following the control-flow analysis results, traverses the information of each file, matches it against the feature-function API information in the local denial-of-service vulnerability security rule file, and writes the successfully matched call information and rules to the corresponding result set.
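The rule parser, code parser and rule matcher described above, together with the check in steps S401 and S402, as an added Python example that is not the patent's own code. The rule-file schema, the two `android.content.Intent` getters used as feature-function APIs, and the Smali sample are constructed assumptions; any `.catch` or `.catchall` range that covers the call is counted as exception handling.

```python
import re
import xml.etree.ElementTree as ET

# Constructed rule file. Element and attribute names are assumptions; the page only
# says a feature-function API has a namespace, class name, method name and parameter list.
RULES_XML = """<rules vulnerability="local-dos">
  <api namespace="android.content" class="Intent" method="getSerializableExtra" params="Ljava/lang/String;"/>
  <api namespace="android.content" class="Intent" method="getStringExtra" params="Ljava/lang/String;"/>
</rules>"""

# Constructed Smali (decompiler output) for one class with three methods.
SMALI = """\
.class public Lcom/example/MeterActivity;

.method protected onCreate(Landroid/os/Bundle;)V
    invoke-virtual {p0}, Lcom/example/MeterActivity;->getIntent()Landroid/content/Intent;
    move-result-object v0
    const-string v1, "reading"
    invoke-virtual {v0, v1}, Landroid/content/Intent;->getSerializableExtra(Ljava/lang/String;)Ljava/io/Serializable;
    return-void
.end method

.method public guarded(Landroid/content/Intent;)V
    :try_start_0
    const-string v0, "id"
    invoke-virtual {p1, v0}, Landroid/content/Intent;->getStringExtra(Ljava/lang/String;)Ljava/lang/String;
    :try_end_0
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
    :catch_0
    return-void
.end method

.method public lateCall(Landroid/content/Intent;)V
    :try_start_0
    invoke-virtual {p1}, Landroid/content/Intent;->getAction()Ljava/lang/String;
    :try_end_0
    .catchall {:try_start_0 .. :try_end_0} :catchall_0
    const-string v0, "id"
    invoke-virtual {p1, v0}, Landroid/content/Intent;->getStringExtra(Ljava/lang/String;)Ljava/lang/String;
    :catchall_0
    return-void
.end method
"""

METHOD_RE = re.compile(r"^\.method\s.*?([\w$<>]+)\(")
LABEL_RE = re.compile(r"^:(\w+)$")
CATCH_RE = re.compile(r"^\.catch(?:all)?\s+(?:L[^;]+;\s+)?\{:(\w+) \.\. :(\w+)\}")
INVOKE_RE = re.compile(r"^invoke-[\w/]+ \{[^}]*\}, (L[^;]+;)->([\w$<>]+)\(([^)]*)\)")


def parse_rules(xml_text):
    """Rule parser: load feature-function APIs into a rule pool keyed by Smali signature."""
    pool = set()
    for api in ET.fromstring(xml_text).iter("api"):
        cls = "L" + api.get("namespace").replace(".", "/") + "/" + api.get("class") + ";"
        pool.add((cls, api.get("method"), api.get("params")))
    return pool


def scan_smali(smali_text, rule_pool):
    """Rule matcher: report each rule-pool call and whether a try range covers it."""
    findings, method = [], None
    for lineno, raw in enumerate(smali_text.splitlines(), 1):
        line = raw.strip()
        start = METHOD_RE.match(line)
        if start:
            method, labels, catches, hits = start.group(1), {}, [], []
        elif method is None:
            continue
        elif line == ".end method":
            # Labels and catch directives can follow the call, so decide at method end.
            for hit_line, sig in hits:
                handled = any(labels.get(s, 0) < hit_line < labels.get(e, 0)
                              for s, e in catches)
                findings.append({"method": method, "api": sig, "line": hit_line,
                                 "vulnerable": not handled})
            method = None
        elif LABEL_RE.match(line):
            labels[line[1:]] = lineno
        elif CATCH_RE.match(line):
            catches.append(CATCH_RE.match(line).groups())
        else:
            call = INVOKE_RE.match(line)
            if call and call.groups() in rule_pool:
                hits.append((lineno, "%s->%s(%s)" % call.groups()))
    return findings


if __name__ == "__main__":
    for finding in scan_smali(SMALI, parse_rules(RULES_XML)):
        print(finding)
```

The `lateCall` method shows why the try range has to be resolved from its labels: the method contains a `.catchall`, but the matched call sits outside it and is still reported. The check is per method, so exception handling in a caller is not credited.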

Dynamic detection: a dynamic monitoring plug-in, installed on the phone and based on the Xposed framework, monitors the application's runtime behavior and the user's input. The plug-in hooks the feature-function APIs and sends the specific information back to the dynamic detection engine, which analyzes it to determine whether the application has a local denial-of-service vulnerability.

A detection report is generated by combining the results obtained by the rule matcher in static detection with the results obtained by the dynamic detection engine in dynamic detection.

Based on the same inventive concept, this embodiment also provides a system for detecting vulnerabilities in power mobile application software, comprising:

Static detection module: performs static detection on the installation package of the application software to be detected, based on a predefined local denial-of-service vulnerability security rule file;

Dynamic detection module: drives the application software to be detected through an automated test plug-in and, while that software runs, performs dynamic detection by monitoring calls to the feature-function APIs in the local denial-of-service vulnerability security rule file;

Preprocessing module: predefines the local denial-of-service vulnerability security rule file from the feature-function APIs and exception handling compiled for local denial-of-service vulnerabilities.

Preferably, the static detection module comprises:

Rule parser: parses the predefined local denial-of-service vulnerability security rule file and saves the feature-function APIs and exception handling in a rule pool;

Source code decompiler: decompiles the application file to be detected to obtain intermediate code;

Code parser: parses the intermediate code to generate an abstract syntax tree, and parses the abstract syntax tree to obtain the current file information;

Rule matcher: matches feature-function APIs and exception handling based on the current file information and the rule pool, and writes the matching results to a result set.

Those skilled in the art will understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) that contain computer-usable program code.

The present application is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

The above are merely embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the scope of the claims of the present invention, application pending.

Claims (12)

1. A method for detecting vulnerabilities in power mobile application software, characterized by comprising:
performing static detection on the installation package of the application software to be detected, based on a predefined local denial-of-service vulnerability security rule file;
driving the application software to be detected through an automated test plug-in and, while that software runs, performing dynamic detection by monitoring calls to the feature-function APIs in the local denial-of-service vulnerability security rule file;
wherein the predefined local denial-of-service vulnerability security rule file consists of the feature-function APIs and exception handling of local denial-of-service vulnerabilities, compiled according to local denial-of-service vulnerabilities.

2. The detection method according to claim 1, characterized in that performing static detection on the installation package of the application software to be detected, based on the predefined local denial-of-service vulnerability security rule file, comprises:
parsing the predefined local denial-of-service vulnerability security rule file and saving the feature-function APIs and exception handling in a rule pool;
decompiling the application file to be detected to obtain intermediate code;
parsing the intermediate code to generate an abstract syntax tree, and parsing the abstract syntax tree to obtain current file information;
matching feature-function APIs and exception handling based on the current file information and the rule pool, and writing the matching results to a result set.

3. The detection method according to claim 2, characterized in that parsing the abstract syntax tree to obtain the current file information comprises:
parsing the abstract syntax tree according to the syntax tree structure;
saving the call information and exception-handling information of the feature-function APIs to the current file information.

4. The detection method according to claim 2, characterized in that matching feature-function APIs and exception handling based on the current file information and the rule pool, and writing the matching results to a result set, comprises:
matching the feature-function APIs in the current file information against the feature-function APIs in the rule pool;
after a successful match, traversing the exception-handling information in the current file information; if exception handling is performed at the matched feature-function API, no local denial-of-service vulnerability exists; otherwise, a local denial-of-service vulnerability exists;
writing the matching results to the result set.

5. The detection method according to claim 1, characterized in that driving the application software to be detected through the automated test plug-in comprises:
obtaining the UI information of the current page through the automated test plug-in and transmitting it to the dynamic detection engine;
the dynamic detection engine parsing the UI information, generating commands such as install, click and uninstall, and sending them to the automated test plug-in, which drives the software under test to execute the install, click, uninstall and other commands.

6. The detection method according to claim 1, characterized in that performing dynamic detection, while the application software to be detected runs, by monitoring calls to the feature-function APIs in the local denial-of-service vulnerability security rule file comprises:
monitoring, through a dynamic monitoring plug-in, whether the feature-function API is called while the application software to be detected is running; if the feature-function API is called, recording the call information and sending it to the dynamic detection engine for analysis; otherwise, continuing to monitor.

7. The detection method according to claim 6, characterized in that the dynamic monitoring plug-in is determined according to Xposed and the feature-function APIs of local denial-of-service vulnerabilities.

8. The detection method according to claim 1, characterized in that the local denial-of-service vulnerabilities include: null pointer exceptions, data type conversion exceptions, array out-of-bounds access exceptions and class-undefined exceptions.

9. The detection method according to claim 8, characterized in that the feature-function API of the local denial-of-service vulnerability includes: a namespace, a class name, a method name and a parameter list.

10. The detection method according to claim 1, characterized by further comprising:
generating a detection report by combining the static result obtained by the static detection with the dynamic detection result obtained by the dynamic detection.

11. A system for detecting vulnerabilities in power mobile application software, characterized by comprising:
a static detection module, which performs static detection on the installation package of the application software to be detected, based on a predefined local denial-of-service vulnerability security rule file;
a dynamic detection module, which drives the application software to be detected through an automated test plug-in and, while that software runs, performs dynamic detection by monitoring calls to the feature-function APIs in the local denial-of-service vulnerability security rule file;
a preprocessing module, which predefines the local denial-of-service vulnerability security rule file from the feature-function APIs and exception handling compiled for local denial-of-service vulnerabilities.

12. The detection system according to claim 11, characterized in that the static detection module comprises:
a rule parser, which parses the predefined local denial-of-service vulnerability security rule file and saves the feature-function APIs and exception handling in a rule pool;
a source code decompiler, which decompiles the application file to be detected to obtain intermediate code;
a code parser, which parses the intermediate code to generate an abstract syntax tree, and parses the abstract syntax tree to obtain current file information;
a rule matcher, which matches feature-function APIs and exception handling based on the current file information and the rule pool, and writes the matching results to a result set.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201810276201.2A | 2018-03-30 | 2018-03-30 | A kind of detection method and system of electric power mobile application software loophole

Publications (1)

Publication Number | Publication Date
CN108595952A (en) | 2018-09-28

Family ID: 63625012


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 20180928

