Mining denial of service vulnerability in Android applications automatically

doi:10.11772/j.issn.1001-9081.2017.11.3288

Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (11): 3288-3293.DOI: 10.11772/j.issn.1001-9081.2017.11.3288

Previous Articles Next Articles

Mining denial of service vulnerability in Android applications automatically

ZHOU Min, ZHOU Anmin, LIU Liang, JIA Peng, TAN Cuijiang

College of Electronics and Information, Sichuan University, Chengdu Sichuan 610065, China

Received:2017-05-12 Revised:2017-06-08 Online:2017-11-10 Published:2017-11-11

组件拒绝服务漏洞自动挖掘技术

周敏, 周安民, 刘亮, 贾鹏, 谭翠江

四川大学电子信息学院, 成都 610065

通讯作者: 周安民
作者简介:周敏(1994-),女,陕西汉中人,硕士研究生,主要研究方向:移动安全、恶意代码分析、漏洞挖掘;周安民(1963-),男,四川成都人,研究员,主要研究方向:安全防御管理、移动互联网安全、云计算安全;刘亮(1982-),男,四川成都人,讲师,硕士,主要研究方向:漏洞挖掘、恶意代码分析;贾鹏(1988-),男,四川成都人,博士研究生,主要研究方向:病毒传播动力学、二进制安全、恶意代码分析;谭翠江(1991-),男,四川成都人,硕士研究生,主要研究方向:移动安全、恶意代码分析、漏洞挖掘。

Abstract

Abstract: Concerning the fact that when the receiver of an Intent does not validate empty data and abnormal data, the process will crash and cause denial of service, an automated Android component vulnerability mining framework based on static analysis techniques and fuzzing test techniques was proposed. In this framework, reverse analysis techniques and static data flow analysis techniques were used to extract package name, component, Intent with the data of a traffic and data flow paths from exported component to private component to assist fuzzing test. In addition, more mutation strategy on the attributes of Intent (such as Action, Category, Data and Extra) were added while generating Intent tests and the Accessibility technology was adopted to close the crash windows in order to realize automation. Finally, a tool named DroidRVMS was implemented, and a comparative experiment with Intent Fuzzer was designed to verify the validity of the framework. The experimental results show that DroidRVMS can find denial of service vulnerability resulting from dynamic broadcast receiver and most types of exceptions.

Key words: component communication, denial of service, static analysis, dynamic analysis, vulnerability mining

摘要： 针对Android应用对获取到的数据没有进行空数据和异常数据的安全验证，会发生崩溃导致组件拒绝服务的问题，提出了一种组件拒绝服务漏洞自动化挖掘框架。通过逆向分析和静态数据流分析技术获取安卓应用的包名和组件信息，同时跟踪应用对Intent对象的数据访问，提取Intent对象携带的数据信息，并且识别公开组件启动私有组件的路径信息，辅助动态模糊测试挖掘漏洞。为了增大测试用例的覆盖范围和实现自动化，该框架增加了对Intent的Action、Category、Data和Extra属性的畸变，并且采用Accessibility技术自动关闭应用崩溃弹窗，大幅提高了检测效率。为了验证框架的有效性和实用性，利用所提的框架设计实现了工具——DroidRVMS，并与Intent Fuzzer工具进行了对比。实验结果表明，DroidRVMS能够有效地发现动态广播组件的拒绝服务漏洞和大部分类型异常导致的拒绝服务攻击。

关键词: 组件通信, 拒绝服务, 静态分析, 动态分析, 漏洞挖掘

CLC Number:

TP311

ZHOU Min, ZHOU Anmin, LIU Liang, JIA Peng, TAN Cuijiang. Mining denial of service vulnerability in Android applications automatically[J]. Journal of Computer Applications, 2017, 37(11): 3288-3293.

周敏, 周安民, 刘亮, 贾鹏, 谭翠江. 组件拒绝服务漏洞自动挖掘技术[J]. 计算机应用, 2017, 37(11): 3288-3293.

References

[1] 肖卫, 张源, 杨珉. 安卓应用软件中Intent数据验证漏洞的检测方法[J]. 小型微型计算机系统, 2017, 38(4):813-819.(XIAO W, ZHANG Y, YANG M. Find Intent data validation vulnerability in Android application automatically and efficiently[J]. Journal of Chinese Computer Systems, 2017, 38(4):813-819.)
[2] LU L, LI Z, WU Z, et al. CHEX:statically vetting Android apps for component hijacking vulnerabilities[C]//Proceedings of the 2012ACM Conference on Computer and Communications Security. New York:ACM, 2012:229-240.
[3] GIBLER C, CRUSSELL J, ERICKSON J, et al. AndroidLeaks:automatically detecting potential privacy leaks in Android applications on a large scale[C]//Proceedings of the 5th International Conference on Trust and Trustworthy Computing. Berlin:Springer-Verlag, 2012:291-307.
[4] VALL, E-RAI R, CO P, et al. Soot:a Java bytecode optimization framework[C]//Proceedings of CASCON 1st Decade High Impact Papers. Riverton, NJ:IBM, 2010:214-224.
[5] ARZT S, RASTHOFER S, FRITZ C, et al. FlowDroid:precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps[J]. ACM SIGPLAN Notices, 2014, 49(6):259-269.
[6] 王允超, 魏强, 武泽慧. 基于静态污点分析的Android应用Intent注入漏洞检测方法[J]. 计算机科学, 2016, 43(9):192-196.(WANG Y C, WEI Q, WU Z H. Approach of Android applications Intent injection vulnerability detection based on static taint analysis[J]. Computer Science, 2016, 43(9):192-196.)
[7] 李红辉, 齐佳, 刘峰,等. 模糊测试技术研究[J]. 中国科学:信息科学, 2014, 44(10):1305-1322.(LI H H, QI J, LIU F, et al. The research progress of fuzz testing technology[J]. Science China:Information Sciences, 2014, 44(10):1305-1322.)
[8] YANG K, ZHUGE J, WANG Y, et al. Intent Fuzzer:detecting capability leaks of Android applications[C]//Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. New York:ACM, 2014:531-536.
[9] MULLINER C, MILLER C. Fuzzing the phone in your phone[EB/OL].[2015-01-08].http://mulliner.org/security/sms/feed/smsfuzz_26c3.pdf.
[10] The analysis report on generic denial of service vulnerability in Android APP[EB/OL].[2015-01-08].http://www.secpulse.com/archives/3859.html.
[11] iSEC Partners. Intent Fuzzer[EB/OL].[2016-12-23].https://www.isecpartners.com/tools/mobile-security/intentfuzzer.aspx.
[12] MAJI A K, ARSHAD F A, BAGCHI S, et al. An empirical study of the robustness of Inter-component communication in Android[C]//Proceedings of the 2012 IEEE/IFIP International Conference on Dependable Systems and Networks. Piscataway, NJ:IEEE, 2012:1-12.
[13] 汤杨, 曾凡平, 王健康,等. 基于静态分析的Android GUI遍历方法[J]. 计算机应用, 2016, 36(10):2811-2815. (TANG Y, ZENG F P, WANG J K, et al. Android GUI traversal method based on static analysis[J]. Journal of Computer Applications, 2016, 36(10):2811-2815.)
[14] 王敏, 陈少敏, 陈亚光. 基本路径测试用例设计算法[J]. 计算机应用, 2013, 33(11):3262-3266.(WANG M, CHEN S M, CHEN Y G. Test case design algorithm for basic path test[J]. Journal of Computer Applications, 2013, 33(11):3262-3266.)
[15] 张密, 杨力, 张俊伟. FuzzerAPP:Android应用程序组件通信鲁棒性测试[J]. 计算机研究与发展, 2017, 54(2):338-347.(ZHANG M, YANG L, ZHANG J W. FuzzerAPP:the robustness test of application component communication in Android[J]. Journal of Computer Research and Development, 2017, 54(2):338-347.)
[16] Intent class overview[EB/OL].[2016-11-09].https://developer.android.com/reference/android/content/Intent.html.
[17] 李晓洲. Android应用程序组件漏洞测试方法研究[D]. 太原:太原理工大学, 2015:38-47. (LI X Z. Study of Android application component vulnerability testing method[D]. Taiyuan:Taiyuan University of Technology, 2015:38-47.)

Mining denial of service vulnerability in Android applications automatically

组件拒绝服务漏洞自动挖掘技术

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

[1]	LIU Xiangju, LIU Pengcheng, XU Hui, ZHU Xiaojuan. Distributed denial of service attack detection method based on software defined Internet of things [J]. Journal of Computer Applications, 2020, 40(3): 753-759.
[2]	CHEN Yi, ZHANG Meijing, XU Fajian. Slow HTTP DoS attack detection method based on one-dimensional convolutional neural network [J]. Journal of Computer Applications, 2020, 40(10): 2973-2979.
[3]	LANG Dapeng, DING Wei, JIANG Haocheng, CHEN Zhiyuang. Malicious code classification algorithm based on multi-feature fusion [J]. Journal of Computer Applications, 2019, 39(8): 2333-2338.
[4]	MA Lan, CUI Bohua, LIU Xuan, YUE Meng, WU Zhijun. Hidden semi-Markov model-based approach to detect DDoS attacks in application layer of SWIM system [J]. Journal of Computer Applications, 2019, 39(7): 1973-1978.
[5]	FU Menglin, WU Lifa, HONG Zheng, FENG Wenbo. Research on vulnerability mining technique for smart contracts [J]. Journal of Computer Applications, 2019, 39(7): 1959-1966.
[6]	ZHANG Hanfang, ZHOU Anmin, JIA Peng, LIU Luping, LIU Liang. Directed fuzzing method for binary programs [J]. Journal of Computer Applications, 2019, 39(5): 1389-1393.
[7]	BU Tongtong, CAO Tianjie. Risk assessment method of Android application based on permission [J]. Journal of Computer Applications, 2019, 39(1): 131-135.
[8]	KONG Yazhou, ZHANG Liancheng, WANG Zhenxing. Address hopping proactive defense model in IPv6 based on sliding time window [J]. Journal of Computer Applications, 2018, 38(7): 1936-1940.
[9]	WU Ruohao, DONG Ping, ZHENG Tao. Malicious scanning protection technology based on OpenDayLight [J]. Journal of Computer Applications, 2018, 38(1): 188-193.
[10]	MA Linjin, WAN Liang, MA Shaoju, YANG Ting, YI Huifan. Distributed denial of service attack recognition based on bag of words model [J]. Journal of Computer Applications, 2017, 37(6): 1644-1649.
[11]	HAN Dezhi, CHEN Xuguang, LEI Yuxin, DAI Yongtao, ZHANG Xiao. Real-time data analysis system based on Spark Streaming and its application [J]. Journal of Computer Applications, 2017, 37(5): 1263-1269.
[12]	LIU Zeyu, XIA Yang, ZHANG Yilong, REN Yuan. Application-layer DDoS defense model based on Web behavior trajectory [J]. Journal of Computer Applications, 2017, 37(1): 128-133.
[13]	TANG Yang, ZENG Fanping, WANG Jiankang, HUANG Xinyi. Android GUI traversal method based on static analysis [J]. Journal of Computer Applications, 2016, 36(10): 2811-2815.
[14]	LI Fangwei, ZHANG Xinyue, ZHU Jiang, ZHANG Haibo. Network security situational awareness model based on information fusion [J]. Journal of Computer Applications, 2015, 35(7): 1882-1887.
[15]	SHEN Xueli, SHEN Jie. Optimization method of tracing distributed denial of service attacks based on autonomous system and dynamic probabilistic packet-marking [J]. Journal of Computer Applications, 2015, 35(6): 1705-1709.