{"title":"The static detection analysis technology of Android source codes","authors":"Yanhui Guo, L. Yang, Xiaomeng Gao, Kun Wu","doi":"10.1109/ICNIDC.2016.7974582","DOIUrl":null,"url":null,"abstract":"With the increasingly rampant malicious attacks of Android terminal, this paper proposes a detection technology of Android platform source code security based on static analysis. The technology uses the existing static analysis technology of Java source code, and joins Android implicit methods invocation processing, at last gets the control flow graph and data flow graph, which are based on Android source code and have no breakpoint. The technology analysis the malicious behavior of Android source code depending on the information flow graph, and then get the main loophole and flaw existed in Android project. Using this technology to detect multiple open source Android projects, the experimental results show that this technology can effectively detect the main loophole and flaw existing in Android source code. What's more, the technology can display complete attack path, which is convenient for developers to modify and maintain the project. Therefore, this technology has high practical value.","PeriodicalId":439987,"journal":{"name":"2016 IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNIDC.2016.7974582","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
With the increasingly rampant malicious attacks of Android terminal, this paper proposes a detection technology of Android platform source code security based on static analysis. The technology uses the existing static analysis technology of Java source code, and joins Android implicit methods invocation processing, at last gets the control flow graph and data flow graph, which are based on Android source code and have no breakpoint. The technology analysis the malicious behavior of Android source code depending on the information flow graph, and then get the main loophole and flaw existed in Android project. Using this technology to detect multiple open source Android projects, the experimental results show that this technology can effectively detect the main loophole and flaw existing in Android source code. What's more, the technology can display complete attack path, which is convenient for developers to modify and maintain the project. Therefore, this technology has high practical value.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
