| 基于遗传算法的Android系统服务漏洞挖掘 |
| |
| 引用本文: | 张志威,甘刚.基于遗传算法的Android系统服务漏洞挖掘[J].计算机与现代化,2020,0(8):114-121. |
| |
| 作者姓名: | 张志威 甘刚 |
| |
| 作者单位: | 成都信息工程大学网络空间安全学院,四川 成都 610225;成都信息工程大学网络空间安全学院,四川 成都 610225 |
| |
| 基金项目: | "十三五"国家密码发展基金资助项目 |
| |
| 摘 要: | 针对常规模糊测试挖掘Android系统服务漏洞效率低的问题,提出并实现基于遗传算法的Anddroid系统服务漏洞挖掘框架ASFuzzer。该框架利用Binder驱动与系统服务的交互向目标发送测试用例。测试过程中根据结果的反馈,引导遗传算法对测试参数不断变异,并提出一种高效的基于概率排序与组合的遗传选择算子模型,从而提高样本覆盖率和模糊测试效率。通过框架在不同系统版本手机上的测试,挖掘到多个系统服务漏洞。与传统模糊测试方法相比,实验结果表明本文方案在漏洞挖掘效率方面更具有优势。
|
| 关 键 词: | 系统服务 漏洞挖掘 Binder 模糊测试 遗传算法 概率排序 |
| 收稿时间: | 2020-08-18 |
Service Vulnerability Mining of Android System Based on Genetic Algorithm |
| |
| Abstract: | In order to solve the problem of low efficiency in mining service vulnerabilities in Android system by conventional fuzzy testing, this paper proposes and implements a framework for mining service vulnerabilities in Android system based on genetic algorithm, named ASFuzzer. The framework uses Binder driver to interact with system services to send test cases to the target. According to the feedback of the test results, the genetic algorithm is guided to continuously change the test parameters, and an efficient genetic selection operator model based on probability sorting and combination is proposed to improve the sample coverage and fuzzy test efficiency. Through the testing of the framework on mobile phones of different system versions, multiple system service vulnerabilities are discovered. Compared with the traditional fuzzy testing method, the experimental results show that the scheme has more advantages in the efficiency of vulnerability mining. |
| |
| Keywords: | system service vulnerability mining Binder fuzzy testing genetic algorithm probability ranking |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机与现代化》浏览原始摘要信息 |
|
点击此处可从《计算机与现代化》下载全文 |
