
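Mining Unknown Security Vulnerabilities in Android Drivers Based on Association Rules
Cite this article: Yang Ru, Wang Jun. Mining Unknown Security Vulnerabilities in Android Drivers Based on Association Rules [J]. Science Technology and Engineering, 2018, 18(23)
Authors: Yang Ru, Wang Jun
Affiliations: Office of Academic Affairs, Inner Mongolia Agricultural University; Department of Computer Technology and Information Management, Inner Mongolia Agricultural University
Abstract: Traditional vulnerability mining methods cannot examine the interaction between Android device drivers and the kernel, and they require the relevant hardware to be in a working state, which makes it difficult to mine unknown vulnerabilities in Android drivers. To address this, a method for mining unknown security vulnerabilities in Android drivers based on association rules is proposed. The association-rule vulnerability mining problem is described formally. Frequent itemsets are initially searched for using the Apriori method. The RDARF rule filter is then used to screen the rules further and obtain strong rules. A sample library of drivers to be mined is built, and the Android drivers are analyzed automatically, taking into account the interaction between Android device drivers and the kernel. For each Android driver, the permission information it requests is extracted, a permission feature set is built, and formatting is completed. All maximal frequent itemsets of the Android driver vulnerability data are mined and a permission-relationship feature library is built, so that association rules are obtained without executing the drivers. The drivers to be mined are matched against the permission-relationship feature library to mine unknown security vulnerabilities in Android drivers. Experimental results show that the proposed method has high mining accuracy and low CPU usage.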

Keywords: association rules; Android driver; unknown; security vulnerability; mining
Received: 2018-03-15
Revised: 2018-05-05

Mining of Android driven unknown security vulnerabilities based on association rules
Yang Ru and Wang Jun. Mining of Android driven unknown security vulnerabilities based on association rules[J]. Science Technology and Engineering, 2018, 18(23)
Authors: Yang Ru and Wang Jun
Affiliation: Office of Academic Affairs, Inner Mongolia Agricultural University; Department of Computer Technology and Information Management, Inner Mongolia Agricultural University
Abstract: Traditional vulnerability mining methods cannot study the interaction between Android device drivers and the kernel, and they need the relevant hardware to be in a working state, so mining unknown vulnerabilities in Android drivers is difficult. To this end, a method based on association rules for mining unknown security vulnerabilities in Android drivers is proposed. The problem of association-rule vulnerability mining is described formally. Frequent itemsets are first searched for with the Apriori method. The rules are then screened further by the RDARF rule filter to obtain strong rules. A sample library of drivers to be mined is set up and the Android drivers are analyzed automatically, with the interaction between Android device drivers and the kernel taken into account. The permission information requested by each Android driver is extracted, a permission feature set is established, and the formatting operation is completed. All maximal frequent itemsets of the Android driver vulnerability data are found and a permission-relationship feature library is established, so association rules are acquired without executing the drivers. Each driver to be mined is matched against the permission-relationship feature library to mine unknown security vulnerabilities in Android drivers. The experimental results show that the proposed method is highly accurate and uses little CPU.
Keywords: association rules; Android driver; unknown; security vulnerability; mining
This article is indexed in CNKI and other databases.