| With the rapid spread of mobile Internet and mobile terminals,personal privacy information in Android systems and applications has attracted more and more hackers’ attention.Mobile security has become a problem that cannot be ignored.Application is the most direct layer of interaction with the user in the Android system framework.A more comprehensive and effective security detection of the application can explore potential security risks.The existing detection method can only detect a certain part of the application,either the detection accuracy is not high,or unable to fully and effectively detect application security risks.It is of great theoretical significance and practical value to conduct a more comprehensive inspection of the potential safety issues in the application,evaluate the comprehensive safety level of the application,and provide repair suggestions for corresponding safety hazards.Aiming at the problem that the existing Android application security detection method has low code path coverage and low detection accuracy,a security rule detection method based on feature set is proposed.The method comprehensively analyzes the AndroidManifest.xml configuration file,Dex executable file,signature file,etc.,uses a variety of judgment conditions and considers the source code to compose different formats,and at the same time adds more detection judgment filter rules to build a feature rule set to perform security detection on the application..The experimental results show that this method can fully exploit the security risks in the application and provide suggestions for the security issues.Aiming at the problem that the accuracy of the existing Android application permission leak detection method custom rules is not comprehensive,a method of permission leak detection based on RF(Random Forest)algorithm is proposed.This method is based on information such as component exposures and permission requests extracted from static analysis,combined with information such as permission calls and permission checks collected during the dynamic running process.It extracts relevant features and builds feature vector sets based on the analysis of permission leakage features,and a random forest algorithm is used to build a permission leak detection model,and it is determined whether the application to be detected has the risk of leaking the permission.Experimental results show that the method has high accuracy and recall rate,and can effectively detect the problem of leaking of permission in applications.Design and implement an Android application security detection system.The main functions of the system include the detection of application safety hazards,the application of safety scores based on the results of the test,the assessment of the application of the security rating based on the overall score,generate a test report with results and recommendations.The system detection process occupies less computing resources and has good compatibility.It has high practical value. |
PDF Full Text Request