Service Vulnerability Mining of Android System Based on Genetic Algorithm

doi:10.3969/j.issn.1006-2475.2020.08.019

Abstract

Abstract: In order to solve the problem of low efficiency in mining service vulnerabilities in Android system by conventional fuzzy testing, this paper proposes and implements a framework for mining service vulnerabilities in Android system based on genetic algorithm, named ASFuzzer. The framework uses Binder driver to interact with system services to send test cases to the target. According to the feedback of the test results, the genetic algorithm is guided to continuously change the test parameters, and an efficient genetic selection operator model based on probability sorting and combination is proposed to improve the sample coverage and fuzzy test efficiency. Through the testing of the framework on mobile phones of different system versions, multiple system service vulnerabilities are discovered. Compared with the traditional fuzzy testing method, the experimental results show that the scheme has more advantages in the efficiency of vulnerability mining.

Key words: system service, vulnerability mining, Binder, fuzzy testing, genetic algorithm, probability ranking

CLC Number:

TP311

ZHANG Zhi-wei, GAN Gang. Service Vulnerability Mining of Android System Based on Genetic Algorithm[J]. Computer and Modernization, 2020, 0(08): 114-121.

References ［23］

［1］	邵帅,王眉林,陈冬青,等. 基于机器学习的Android应用组件暴露漏洞分析［J］. 北京理工大学学报, 2019,39(9):974-977.
［2］	吴兴茹,何永忠. 基于函数调用图的Android重打包应用检测［J］. 计算机工程, 2017,43(11):122-127.
［3］	邹圳,周安民. Android系统服务漏洞挖掘技术研究［J］. 现代计算机, 2019(13):90-95.
［4］	刘朋. 基于Fuzzing的Android漏洞挖掘技术［D］. 西安:西安电子科技大学, 2017.
［5］	吴志勇,夏建军,孙乐昌,等. 多维Fuzzing技术综述［J］. 计算机应用研究, 2010,27(8):2810-2813.
［6］	金泰延. Android框架揭密［M］. 北京:人民邮电出版社, 2012.
［7］	SINGH R. An overview of Android operating system and its security, features［J］. International Journal of Engineering Research & Applications, 2014,4(2):519-521.
［8］	PETERS T W. STAB Fuzzing: A Study of Android’s Binder IPC and Linux/Android Fuzzing［EB/OL］. (2016-03-16)［2020-01-10］. https://pdfs.semanticscholar.org/9ed4/1192e02e10b5367c9d143f447f7036b2aao.pdf.
［9］	BACKESM, BUGIELS, GERLING S. Scippa: System-centric IPC Provenance on Android［C］// Proceedings of the 30th Annual Computer Security applications Conference. 2014:36-45.
［10］	ROSA T. Android Binder Security Note: On Passing Binder Through Another Binder ［EB/OL］.(2011-11-16)［2020-01-10］. http://citeseerx.ist.psv.edu/viewdoc/download?doi=10.1.1.365.2174&rep=rep1&type=pdf.
［11］	张玉清,方喆君,王凯,等. Android安全漏洞挖掘技术综述［J］. 计算机研究与发展, 2015,52(10):2167-2177.
［12］	SHARMA C, SABHARWAL S, SIBAL R. A survey on software testing techniques using genetic algorithm［J］. International Journal of Computer Science Issues, 2014,10(1):381-393.
［13］	何远,张玉清,张光华. 基于黑盒遗传算法的Android驱动漏洞挖掘［J］. 计算机学报, 2017,40(5):1031-1043.
［14］	程志超. Android应用中反射函数的解析［D］. 合肥:中国科学技术大学, 2017.
［15］	刘渊,杨永辉,张春瑞,等. 一种基于遗传算法的Fuzzing测试用例生成新方法［J］. 电子学报, 2017,45(3):552-556.
［16］	DEMPSEY M, ISHIMOTO G K, KAM W H, et al. Location-independent service for monitoring and alerting on an event log: U.S. Patent 6507852［P］. 2003-01-14.
［17］	朱春媚,莫鸿强. 一类适应度函数的遗传算法编码［J］. 计算机应用, 2017,37(7):1972-1976.
［18］	廖子贞,罗可,周飞红,等. 一种自适应惯性权重的并行粒子群聚类算法［J］. 计算机工程与应用, 2007(28):166-168.
［19］	BARESEL A, STHAMER H, SCHMIDT M. Fitness function design to improve evolutionary structural testing［C］// Proceedings of the Genetic and Evolutionary Computation Conference. 2002:1329-1336.
［20］	张琛,詹志辉. 遗传算法选择策略比较［J］. 计算机工程与设计, 2009,30(23):5471-5474.
［21］	LATA S, YADAV S L, SOHAL A. Comparative study of different selection techniques in genetic algorithm［J］. International Journal of Engineering Science, 2017,6(3):174-180.
［22］	HONG T P, WANG H S, CHEN W C. Simultaneously applying multiple mutation operators in genetic algorithms［J］. Journal of Heuristics, 2000,6(4):439-455.
［23］	KRAMER O. Genetic Algorithm Essentials［M］. Springer, 2017:85.

[1]	LIU Xian-zhuo, DENG Wei-si, XIE En-yan. Adaptive Protection System for Distribution Network Considering Grid Connection of Distributed Generation [J]. Computer and Modernization, 2023, 0(09): 120-126.
[2]	ZHANG Zhi-xia, XIE Bao-qiang. Natural Gas Load Forecasting Based on FCGA-LSTM and Transfer Learning [J]. Computer and Modernization, 2023, 0(07): 7-12.
[3]	WANG Min, XU Ying-hao, ZHU Xi-jun. Prediction Model of Diabetic Complications Based on BP Neural Network Optimized by Improved Genetic Algorithm#br# [J]. Computer and Modernization, 2022, 0(11): 69-74.
[4]	WANG Yang, CHEN Mei, LI Hui. FOCoR: A Course Recommendation Approach Based on Feature Selection Optimization [J]. Computer and Modernization, 2022, 0(10): 1-7.
[5]	RAN Hao-jie, WANG Hong-zhi. Distribution Center Site Selection of Fresh Agricultural Products Based on Improved Simulated Annealing Algorithm [J]. Computer and Modernization, 2022, 0(10): 36-40.
[6]	ZHAN Jun-wei, ZHUANG Yi. Mobile Edge Computing Task Offloading Model and Algorithm Based on Energy Consumption and Delay Optimization [J]. Computer and Modernization, 2022, 0(08): 86-93.
[7]	WU Dai-yang, ZHAO Jie, LIANG Jia-ming, DONG Zhen-ning, LIANG Zhou-yang. Host Matching for C2C Online Short-term Rentals [J]. Computer and Modernization, 2022, 0(06): 43-48.
[8]	XU Sheng-chao, XIONG Mao-hua. Optimization of Container Cloud Resource Allocation Based on Genetic Algorithm [J]. Computer and Modernization, 2022, 0(01): 108-112.
[9]	XU Ming, ZHANG Jian-ming, CHEN Song-hang, CHEN Hao. Multi-objective Optimization Algorithm for Flexible Job Shop Scheduling Problem [J]. Computer and Modernization, 2021, 0(12): 1-6.
[10]	ZHANG Lin-peng, WANG Xi-yuan, LI Qiang. Image Classification Based on Double-pooling Feature Weighted Convolutional Neural Network [J]. Computer and Modernization, 2021, 0(11): 67-71.
[11]	YANG Xiao-dong. Risk Assessment Model of Accounting Resource Sharing Management Based on Genetic Algorithm [J]. Computer and Modernization, 2021, 0(06): 24-28.
[12]	LIU Jun, PENG Hui-xian, HUANG Bin, Tony SHAY. Breast Cancer Diagnosis Model Based on BP-GamysBoost [J]. Computer and Modernization, 2021, 0(04): 8-14.
[13]	XU Sheng-chao. Using Genetic Algorithm for Virtual Machine Placement Optimization [J]. Computer and Modernization, 2020, 0(12): 25-31.
[14]	WU Hai-wei, WANG Xiao-zhong, ZHU Fa-shun, . A Scheduling Method of Smart Grid Based on Genetic Algorithm [J]. Computer and Modernization, 2020, 0(09): 122-126.
[15]	XU Xiao-yao, ZHANG Peng-fei, JIANG Jian. Dam Deformation Prediction Based on EMD-GAELM-ARIMA Algorithm [J]. Computer and Modernization, 2020, 0(07): 1-5.