ParaIntentFuzz：Android applications parallel fuzzing system

doi:10.3778/j.issn.1002-8331.1609-0195

Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (4): 110-116.DOI: 10.3778/j.issn.1002-8331.1609-0195

Previous Articles Next Articles

ParaIntentFuzz：Android applications parallel fuzzing system

LI Chuan1, LIU Baoxu2

1.School of Mathematics and Computer Science, Fuzhou University, Fuzhou 350000, China
2.Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

Online:2018-02-15 Published:2018-03-07

ParaIntentFuzz：安卓应用漏洞的并行化模糊测试方法

李川1，刘宝旭2

1.福州大学数学与计算机科学学院，福州 350000
2.中国科学院信息工程研究所，北京 100093

Abstract

Abstract: Permission leakage is a common kind of vulnerability among Android applications. This kind of vulnerability can lead to serious security problem. Fuzzing the Intent to discover the expose of components and find the permission leakage from the exposed components is an efficient method to mine permission leakage. However, existing works based on Intent Fuzz to test this kind of vulnerability are only running on single machine, which leads to low availability. A parallel fuzzing system based on dynamic task distribution, named ParaIntentFuzz, is implemented. It first extracts extra information from application by static analysis and then constructs Intent commands. After sending commands to target application via Drozer, ParaIntentFuzz can effectively fuzz the target application. The system is deployed on four computers. With ParaIntentFuzz, it analyzes 10 064 Android applications and finds 7 367 of them having permission leakage problem.

Key words: permission leakage, vulnerability mining, parallel, Android

摘要： 权限泄露是安卓应用中较为普遍存在的一类漏洞，可导致较为严重的安全问题，例如“串谋提权”等。通过Intent模糊测试技术发现暴露的组件，是挖掘权限泄露漏洞的有效方法。但是现有Intent模糊测试技术仅限于单机运行，效率低下。提出一种基于动态任务分配的并行模糊测试方法ParaIntentFuzz。该方法通过静态分析提取出安卓应用的extra信息并构造Intent命令，通过Drozer工具给目标应用发送命令，实现了独立的模糊测试，并部署到4台机器上。使用它分析了10 064个Android应用，最后发现有7 367个应用存在权限泄露的问题。

关键词: 权限泄露, 漏洞挖掘, 并行, Android

LI Chuan1, LIU Baoxu2. ParaIntentFuzz：Android applications parallel fuzzing system[J]. Computer Engineering and Applications, 2018, 54(4): 110-116.

李川1，刘宝旭2. ParaIntentFuzz：安卓应用漏洞的并行化模糊测试方法[J]. 计算机工程与应用, 2018, 54(4): 110-116.

[1]	LI Junli. Parallel Mutual-Information Computation of Categorical Data Based on Spark [J]. Computer Engineering and Applications, 2021, 57(7): 95-100.
[2]	SHI Jieyuan, YUAN Zhiyong, LIAO Xiangyun, ZHAO Jianhui. Multirate Systematic Framework for Magnetic Levitation Visuo-Haptic Interaction [J]. Computer Engineering and Applications, 2021, 57(5): 197-203.
[3]	TANG Rui, JIAO Jiye, XU Huahao. Design of Hardware Accelerator for Embedded Convolutional Neural Network [J]. Computer Engineering and Applications, 2021, 57(4): 252-257.
[4]	XIONG Jian, QIN Renchao, HE Mengyi, LIU Jianlan, TANG Fengyang. Application of Improved Random Forest Algorithm in Android Malware Detection [J]. Computer Engineering and Applications, 2021, 57(3): 130-136.
[5]	YANG Luyue, ZHANG Shumei, ZHAO Junli. Dynamic Expression Recognition with Partial Occlusion Based on Parallel Gan [J]. Computer Engineering and Applications, 2021, 57(24): 168-178.
[6]	WANG Yulian, LU Mingming. Interpretable Automatic Detection of Android Malware Based on Graph Embedding [J]. Computer Engineering and Applications, 2021, 57(23): 122-128.
[7]	ZHU Meng, MIN Weidong, ZHANG Yu, DUAN Jingwen. Parallel Selective Kernel Attention Based on HardSoftmax [J]. Computer Engineering and Applications, 2021, 57(21): 95-101.
[8]	FENG Kai, LI Jing. Subnetwork Reliability of k-Ary n-Cube Networks [J]. Computer Engineering and Applications, 2021, 57(16): 83-89.
[9]	SU Qing, LIN Huazhi, HUANG Jianfeng, LIN Zhiyi. Malicious Android Application Detection Combining CNN and Catboost Algorithm [J]. Computer Engineering and Applications, 2021, 57(15): 140-146.
[10]	LI Jian, ZHANG Dawei, JIANG Xiaoming, XIANG Liyun. Review on Parallelized Flood Inundation Models [J]. Computer Engineering and Applications, 2021, 57(13): 1-7.
[11]	SUN Ming, CHEN Xin. Design Method of Convolutional Neural Network Accelerator [J]. Computer Engineering and Applications, 2021, 57(13): 77-84.
[12]	CHEN Yuanwen. Application of MapReduce Technology in Problem of Material Transportation and Stowage [J]. Computer Engineering and Applications, 2021, 57(12): 273-278.
[13]	GUO Zhihan, LUO Senlin, KE Dongxiang, QIN Xiaonan. Hierarchical Acquisition Method of Android System Service Information [J]. Computer Engineering and Applications, 2021, 57(12): 99-104.
[14]	YANG Jie, WU Suping. Parallel Algorithm for Point Cloud Reconstruction [J]. Computer Engineering and Applications, 2020, 56(6): 213-219.
[15]	YE Yingshi, WEI Fuyi, CAI Xianzi. Research on Fast Dijkstra Algorithm Based on Parallel Computing [J]. Computer Engineering and Applications, 2020, 56(6): 58-65.

ParaIntentFuzz：Android applications parallel fuzzing system

ParaIntentFuzz：安卓应用漏洞的并行化模糊测试方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics