TY - GEN
T1 - GeneDroid Fuzz
T2 - 2024 IEEE Global Communications Conference, GLOBECOM 2024
AU - Lu, Runfeng
AU - Sun, Yuzhu
AU - Sun, Haofeng
AU - Fu, Xiao
AU - Luo, Bin
AU - Du, Xiaojiang
AU - Shi, Jin
AU - Aitsaadi, Nadjib
AU - Guizani, Mohsen
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - With the rapid expansion of mobile internet usage, the prevalence of the Android operating system on smartphones is steadily growing. However, improper utilization of the Intent mechanism within Android applications can result in security vulnerabilities. Presently, the majority of Android security testing methods, which rely heavily on fuzzing, are predominantly focused on UI interactions, lacking sufficient testing capabilities for Intents. The motivation of this paper is to find a more effective testing method to improve the security detection capabilities of Intents. This paper introduces an Intent fuzzing method based on genetic mutation principles. Initially, we establish an Intent seed library using a text classification model, followed by employing Jaccard distance and minimum edit distance to refine high-quality seeds. Subsequently, we augment the seeds through extensive mutation using genetic algorithms, generating numerous test cases that exhibit structural similarity but contain varied content. During testing, we compare the state before and after Intent testing using image similarity to detect anomalies. Experimental results demonstrate that this method effectively enhances test coverage and identifies potential issues in edge cases. This approach offers an efficient means of conducting Intent security testing and enhances Android app robustness and security.
AB - With the rapid expansion of mobile internet usage, the prevalence of the Android operating system on smartphones is steadily growing. However, improper utilization of the Intent mechanism within Android applications can result in security vulnerabilities. Presently, the majority of Android security testing methods, which rely heavily on fuzzing, are predominantly focused on UI interactions, lacking sufficient testing capabilities for Intents. The motivation of this paper is to find a more effective testing method to improve the security detection capabilities of Intents. This paper introduces an Intent fuzzing method based on genetic mutation principles. Initially, we establish an Intent seed library using a text classification model, followed by employing Jaccard distance and minimum edit distance to refine high-quality seeds. Subsequently, we augment the seeds through extensive mutation using genetic algorithms, generating numerous test cases that exhibit structural similarity but contain varied content. During testing, we compare the state before and after Intent testing using image similarity to detect anomalies. Experimental results demonstrate that this method effectively enhances test coverage and identifies potential issues in edge cases. This approach offers an efficient means of conducting Intent security testing and enhances Android app robustness and security.
KW - Android
KW - Fuzzing
KW - Gene Mutation
KW - Intent
UR - https://www.scopus.com/pages/publications/105000832076
UR - https://www.scopus.com/pages/publications/105000832076#tab=citedBy
U2 - 10.1109/GLOBECOM52923.2024.10900990
DO - 10.1109/GLOBECOM52923.2024.10900990
M3 - Conference contribution
AN - SCOPUS:105000832076
T3 - Proceedings - IEEE Global Communications Conference, GLOBECOM
SP - 3733
EP - 3738
BT - GLOBECOM 2024 - 2024 IEEE Global Communications Conference
Y2 - 8 December 2024 through 12 December 2024
ER -