Computer and Modernization ›› 2020, Vol. 0 ›› Issue (08): 114-121. doi: 10.3969/j.issn.1006-2475.2020.08.019

• Information Security •

Service Vulnerability Mining of Android System Based on Genetic Algorithm

  1. (School of Cybersecurity, Chengdu University of Information Technology, Chengdu 610225, Sichuan, China)
  • Received: 2020-01-03 Online: 2020-08-17 Published: 2020-08-18
  • About the authors: ZHANG Zhiwei (1994-), male, from Wugang, Henan, master's student; research interests: mobile security, software reverse analysis; E-mail: 1042811368@qq.com. GAN Gang (1974-), male, professor, master's degree; research interests: network countermeasure theory and technology, mobile Internet and applications; E-mail: test_me@cuit.edu.cn.
  • Supported by:
    National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180224)

Abstract: To address the low efficiency of conventional fuzz testing in finding vulnerabilities in Android system services, this paper proposes and implements ASFuzzer, a genetic-algorithm-based framework for mining Android system service vulnerabilities. The framework sends test cases to the target through the interaction between the Binder driver and system services. During testing, feedback from the results guides the genetic algorithm to keep mutating the test parameters, and an efficient genetic selection operator model based on probability ranking and combination is proposed to improve sample coverage and fuzz testing efficiency. Testing the framework on mobile phones running different system versions uncovered multiple system service vulnerabilities. The experimental results show that, compared with traditional fuzz testing methods, the proposed scheme is more efficient at vulnerability mining.

Key words: system service, vulnerability mining, Binder, fuzz testing, genetic algorithm, probability ranking
