Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (10): 940-.

Previous Articles     Next Articles

Machine Learning based Code Injection Attack Vulnerability Detection for Android Hybrid Applications

  

  • Online:2023-10-17 Published:2023-10-27

基于机器学习的Android混合应用代码注入攻击漏洞检测

王旭阳秦玉海任思远   

  1. (中国刑事警察学院公安信息技术与情报学院沈阳110854)
  • 通讯作者: 秦玉海 一级警监,教授,博士生导师.主要研究方向为网络安全执法. 13840392578@163.com
  • 作者简介:王旭阳 硕士研究生.主要研究方向为网络安全执法技术. cipucwxy@163.com 秦玉海 一级警监,教授,博士生导师.主要研究方向为网络安全执法. 13840392578@163.com 任思远 硕士研究生.主要研究方向为网络安全执法技术. rensy0506@163.com

Abstract: The Android hybrid application has good cross platform portability, but the HTML and JavaScript code in the WebView component it uses can call data through internal or external channels to access related resources, resulting in a code injection attack vulnerability. To solve this problem, a machinelearningbased code injection attack vulnerability detection method for Android hybrid applications was proposed. Firstly, decompiled the Android hybrid application and fragmented its code; Then, extracted sensitive permissions and APIs that can trigger malicious code in the data for mixed application applications with Android, and combined them to generate feature vectors; Finally, various machine learning models are constructed for training and classification prediction. From the experimental results, the Random forest model has the highest recognition accuracy, and can improve the accuracy of vulnerability detection for Android hybrid application code injection attacks.

Key words: machine learning, Android hybrid application, Code injection attack, API;vulnerability detection

摘要: Android混合应用具有良好的跨平台移植性,但其使用的WebView组件中的HTML和JavaScript代码能够通过内部或外部通道调用数据来访问相关资源,从而产生代码注入攻击漏洞.针对这个问题,提出一种基于机器学习的Android混合应用代码注入攻击漏洞检测方法.首先,通过反编译Android混合应用,将其进行代码分片;然后,提取出与Android混合应用申请的敏感权限和能够触发数据中恶意代码的API,组合起来生成特征向量;最后,构建多种机器学习模型进行训练和分类预测.实验结果表明,随机森林模型的识别准确率较高,能够提高Android混合应用代码注入攻击漏洞检测的准确性.

关键词: 机器学习, Android混合应用, 代码注入攻击, API, 漏洞检测

CLC Number: