Abstract
Android system versions update and iterate frequently with severe fragmentation. The distribution of the various Android versions’ market share is scattered, making system-level vulnerabilities’ risk extensive and serious. For the limitations of the present research, we design and implement a new comprehensive system-level vulnerability detection system VScanner. For the first time VScanner is based on Lua script engine as the core. It gives priority to dynamic detection by exploiting, and static detection by feature matching is complementary. Vulnerability trigger is developed by the form of plugins, and it bases on vulnerability taxonomy by POCAS, which shows good scalability. For system-level vulnerabilities, we have implemented 18 plugins, which all are system-level vulnerabilities in high risk. By experimental evaluation, VScanner has high efficiency, low false alarm rate, and good effects on vulnerability detection.
Author supplied keywords
Cite
CITATION STYLE
Zhang, J., Yao, Y., Li, X., Xie, J., & Wu, G. (2017). An android vulnerability detection system. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10394 LNCS, pp. 169–183). Springer Verlag. https://doi.org/10.1007/978-3-319-64701-2_13
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
