Machine Learning based Code Injection Attack Vulnerability Detection for Android Hybrid Applications

Abstract

Abstract: The Android hybrid application has good cross platform portability, but the HTML and JavaScript code in the WebView component it uses can call data through internal or external channels to access related resources, resulting in a code injection attack vulnerability. To solve this problem, a machinelearningbased code injection attack vulnerability detection method for Android hybrid applications was proposed. Firstly, decompiled the Android hybrid application and fragmented its code; Then, extracted sensitive permissions and APIs that can trigger malicious code in the data for mixed application applications with Android, and combined them to generate feature vectors; Finally, various machine learning models are constructed for training and classification prediction. From the experimental results, the Random forest model has the highest recognition accuracy, and can improve the accuracy of vulnerability detection for Android hybrid application code injection attacks.

Key words: machine learning, Android hybrid application, Code injection attack, API;vulnerability detection

摘要： Android混合应用具有良好的跨平台移植性，但其使用的WebView组件中的HTML和JavaScript代码能够通过内部或外部通道调用数据来访问相关资源，从而产生代码注入攻击漏洞.针对这个问题，提出一种基于机器学习的Android混合应用代码注入攻击漏洞检测方法.首先，通过反编译Android混合应用，将其进行代码分片；然后，提取出与Android混合应用申请的敏感权限和能够触发数据中恶意代码的API，组合起来生成特征向量；最后，构建多种机器学习模型进行训练和分类预测.实验结果表明，随机森林模型的识别准确率较高，能够提高Android混合应用代码注入攻击漏洞检测的准确性.

关键词: 机器学习, Android混合应用, 代码注入攻击, API, 漏洞检测

CLC Number:

王旭阳, 秦玉海, 任思远, . 基于机器学习的Android混合应用代码注入攻击漏洞检测[J]. 信息安全研究, 2023, 9(10): 940-.

References

［1］孙才俊, 白冰, 王伟忠, 等. 基于指令序列嵌入的安卓恶意应用检测框架［J］. 信息安全研究, 2022, 8(8): 777785［2］陈镭, 杨章静, 黄璞, 等. 基于机器学习的Android恶意软件检测实验［J］. 实验技术与管理, 2020, 37(12): 9497［3］李占魁. 基于内存转储分析的代码注入攻击检测方法［D］. 西安: 西安电子科技大学, 2020［4］马宝强, 何俊江, 王运鹏, 等. 对抗机器学习攻击下的SQL注入检测方法［J］. 网络安全技术与应用, 2022 (4): 3839［5］杨成刚. 基于机器学习的Web应用入侵威胁检测［J］. 通信技术, 2021, 54(4): 967975［6］姜鑫. 基于机器学习的Android应用漏洞检测技术研究［D］. 北京: 北京邮电大学, 2019［7］田明会. 基于机器学习的安卓恶意应用检测方法研究［D］. 北京: 北京交通大学, 2017［8］邵帅, 王眉林, 陈冬青, 等. 基于机器学习的Android应用组件暴露漏洞分析［J］. 北京理工大学学报, 2019, 39(9): 974977［9］张家旺, 李燕伟. 基于机器学习算法的Android恶意程序检测系统［J］. 计算机应用研究, 2017, 34(6): 17741777［10］陈文波. 基于机器学习的Android应用软件权限管理技术研究［D］. 北京: 北京邮电大学, 2017［11］丘惠军, 连耿雄, 刘则君. 基于组合机器学习算法的Android恶意软件检测［J］. 信息技术, 2019, 43(7): 5964［12］王庆飞, 王长波, 鲍娟. 基于机器学习技术的Android恶意软件检测［J］. 科技资讯, 2020, 18(27): 810［13］赵梦雪. 基于深度学习的安卓恶意应用检测方法研究［D］. 北京: 北京交通大学, 2018［14］李剑, 朱月俊. 基于权限的安卓恶意软件检测方法［J］. 信息安全研究, 2017, 3(9): 817822［15］Jin X, Hu X, Ying K, et al. Code injection attacks on html5based mobile apps: Characterization, detection and mitigation［C］ Proc of the 2014 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2014: 6677［16］Chen Y L, Lee H M, Jeng A B, et al. DroidCIA: A novel detection method of code injection attacks on HTML5based mobile apps［EBOL］. ［20230703］. https:ieeexplore.ieee.orgabstractdocument7435482［17］Xiao X, Yan R, Ye R, et al. Detection and prevention of code injection attacks on HTML5based apps［C］ Proc of the 3rd Int Conf on Advanced Cloud and Big Data. Piscataway, NJ: IEEE, 2015: 254261

[1]	. Comparison Research on Intrusion Detection Model Based on Machine Learning [J]. Journal of Information Security Reserach, 2023, 9(8): 739-.
[2]	. Research on the Trusted Identity Scheme of Internet of Vehicles Based on Blockchain Oracle [J]. Journal of Information Security Reserach, 2023, 9(2): 120-.
[3]	. A CNN-LSTM Method Based on Attention Mechanism for In vehicle CAN Bus Intrusion Detection [J]. Journal of Information Security Reserach, 2023, 9(10): 961-.
[4]	. Challenges and Countermeasures of Artificial Intelligence Security Governance [J]. Journal of Information Security Reserach, 2022, 8(4): 318-.
[5]	. Research of Identification Method for LoRa devices Based on Physical Layer [J]. Journal of Information Security Reserach, 2022, 8(1): 19-.
[6]	. Research and Application of SSL Encryption Threat Detection Technology Based on Machine Learning Multi-Model [J]. Journal of Information Security Reserach, 2021, 7(E1): 151-.
[7]	. XGBoost Based DDoS Detection in Software-Defined Networking（SDN） [J]. Journal of Information Security Reserach, 2021, 7(11): 1031-.
[8]	. The Research of Discerning XSS Attack Based on FP-growth Optimized SVM Classifier [J]. Journal of Information Security Research, 2020, 6(9): 0-0.
[9]	. Flow Anomaly Detection Based on Hierarchical Clustering Method [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[10]	. Survey of Security Situation Prediction Technology Based on Artificial Intelligence [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[11]	. A Framework for Proactive Acquisition of Threat Intelligence Based on Darknet [J]. Journal of Information Security Research, 2020, 6(2): 131-138.
[12]	. Research on Webshell Detection Method Based on Logistic Regression Algorithm [J]. Journal of Information Security Research, 2019, 5(4): 298-302.
[13]	. Research on Anti-Scanning Technology Based on Machine Learning [J]. Journal of Information Security Research, 2019, 5(4): 303-308.
[14]	. Payment Risk Recognition Model Based on Stable Risk Feature Selection [J]. Journal of Information Security Research, 2019, 5(10): 858-864.
[15]	. A Static Tagging Method of Malicious Code Family Based on Multi-Feature [J]. Journal of Information Security Research, 2018, 4(4): 322-328.

Machine Learning based Code Injection Attack Vulnerability Detection for Android Hybrid Applications

基于机器学习的Android混合应用代码注入攻击漏洞检测

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics