Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (6): 86-94. DOI: 10.3778/j.issn.1002-8331.1611-0187

• Network, Communication and Security •

Dynamic Event Sequence Guided Vulnerability Verification Technology for Android Applications

SUN Xiaoyong1,2, WANG Wei1, HUO Wei1,2, ZHOU Jianhua1

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100195, China
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100190, China
  • Online: 2018-03-15  Published: 2018-04-03

Dynamic event sequence guidance for Android application vulnerability verification technology

SUN Xiaoyong1,2, WANG Wei1, HUO Wei1,2, ZHOU Jianhua1   

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100195, China
  2. School of Cyber Security, University of Chinese Academy of Sciences (UCAS), Beijing 100190, China
  • Online: 2018-03-15  Published: 2018-04-03

Abstract: Current Android application vulnerability detection methods are divided into static analysis and dynamic analysis. Static analysis suffers from a high false-positive rate; dynamic analysis lowers the false-positive rate but has low execution efficiency and low coverage. To address the shortcomings of dynamic analysis, this paper is the first to propose a dynamic event sequence guided vulnerability verification technique for Android applications. The technique uses automated UI triggering to generate an Activity transition graph, then precisely guides execution along suspected vulnerability paths, and finally verifies whether each suspected vulnerability-triggering path was actually executed. Automated vulnerability analysis of 10,122 applications yielded a recall rate of 96.12% and a false-positive rate of 2.66%. The experimental results show that the dynamic event sequence guided vulnerability verification technique is highly effective for automated analysis of application vulnerabilities.

Key words: dynamic event sequence, automated UI triggering, guided verification, Android

Abstract: At present, Android application vulnerability detection methods fall into static analysis and dynamic analysis. Static analysis has a high false-positive rate. Although dynamic analysis reduces the false-positive rate, its execution efficiency and coverage are low. To address the problems of dynamic analysis, this paper proposes a dynamic event sequence guided vulnerability verification technology for Android applications. The technology generates an Activity jump graph using automated UI triggering, then precisely guides execution along the suspicious vulnerability path, and finally verifies whether the suspicious vulnerability path is actually executed. In automated analysis of 10,122 applications, the recall rate is 96.12% and the false-positive rate is 2.66%. The results show that the dynamic event sequence guided vulnerability verification technology is highly effective for automatically analyzing application vulnerabilities.
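The three-stage pipeline the abstract describes (build an Activity jump graph from automated UI triggering, guide toward a suspicious Activity, then verify that the guided path really executed) can be modelled on a small scale. The following is an added example written for this page; it is not the paper's own implementation. The UI-trigger log, the execution trace and all Activity and event names are constructed, and the "suspicious" Activity is simply a name chosen by the caller, standing in for whatever a static pre-analysis flagged.

```python
"""Toy model of dynamic event-sequence guidance over an Activity jump graph.

Added example for this abstract page; not the paper's code. All data below
is constructed for illustration.
"""
from collections import deque

# Constructed UI-trigger log: each record says that firing `event` on
# `source` Activity caused a jump to `target` Activity.
UI_TRIGGER_LOG = [
    ("MainActivity", "click:btn_login", "LoginActivity"),
    ("MainActivity", "click:btn_settings", "SettingsActivity"),
    ("LoginActivity", "click:btn_submit", "HomeActivity"),
    ("SettingsActivity", "click:btn_export", "ExportActivity"),
    ("HomeActivity", "click:btn_profile", "ProfileActivity"),
    ("HomeActivity", "click:btn_settings", "SettingsActivity"),
]


def build_activity_graph(log):
    """Stage 1: Activity jump graph, activity -> list of (event, next_activity)."""
    graph = {}
    for src, event, dst in log:
        graph.setdefault(src, []).append((event, dst))
        graph.setdefault(dst, [])  # make sure sinks appear as nodes too
    return graph


def guide_event_sequence(graph, start, suspect):
    """Stage 2: shortest UI event sequence from `start` to the suspect Activity.

    Returns a list of (src, event, dst) triples, or None if unreachable.
    """
    if start not in graph:
        return None
    parent = {start: None}  # activity -> (previous_activity, event)
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        if cur == suspect:
            seq = []
            while parent[cur] is not None:
                prev, event = parent[cur]
                seq.append((prev, event, cur))
                cur = prev
            return list(reversed(seq))
        for event, nxt in graph[cur]:
            if nxt not in parent:
                parent[nxt] = (cur, event)
                queue.append(nxt)
    return None


def verify_path_executed(event_sequence, execution_trace):
    """Stage 3: confirm the guided sequence really ran.

    Every (src, event, dst) triple of the sequence must appear in the
    runtime trace in order (ordered subsequence match); unrelated trace
    records in between are tolerated.
    """
    i = 0
    for record in execution_trace:
        if i < len(event_sequence) and record == event_sequence[i]:
            i += 1
    return i == len(event_sequence)


def verify_suspect(log, start, suspect, execution_trace):
    """Run all three stages and return a verdict dict."""
    graph = build_activity_graph(log)
    seq = guide_event_sequence(graph, start, suspect)
    if seq is None:
        return {"reachable": False, "executed": False, "sequence": []}
    return {
        "reachable": True,
        "executed": verify_path_executed(seq, execution_trace),
        "sequence": seq,
    }


if __name__ == "__main__":
    # Constructed runtime trace: the guided path ran, with one extra jump.
    trace = [
        ("MainActivity", "click:btn_settings", "SettingsActivity"),
        ("SettingsActivity", "back", "MainActivity"),
        ("MainActivity", "click:btn_settings", "SettingsActivity"),
        ("SettingsActivity", "click:btn_export", "ExportActivity"),
    ]
    print(verify_suspect(UI_TRIGGER_LOG, "MainActivity", "ExportActivity", trace))
```

The verdict separates "reachable" (the graph has a UI path to the suspect Activity) from "executed" (the runtime trace confirms that path ran), which is the distinction the abstract relies on to keep the false-positive rate low: a suspicious path that is never observed executing is not reported as a confirmed vulnerability.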

Key words: dynamic event sequence, automated UI trigger, guidance verification, Android