基于机器学习的Android应用组件暴露漏洞分析

现阶段已有很多Android应用软件的自动化漏洞检测方法，针对现有漏洞检测方案仍然依赖于先验知识并且误报率较高的问题，本文研究了基于机器学习的Android应用软件组件暴露漏洞的分析方法.在对Android应用软件结构进行全方位分析的基础上，结合组件暴露漏洞模型，建立了相应的机器学习系统，并能够对Android漏洞特征进行提取、数据清理和向量化.结合人工分析与验证，建立了1 000个Android APK样本集，并通过训练实现了组件暴露漏洞的自动化识别，达到了90%以上的精确度. 

Analysis of Android Application Component Exposure Vulnerability Based on Machine Learning

There are many automated vulnerability detection methods for Android applications. However, existing vulnerability detection solutions still rely on prior knowledge and lead to high false positive rates. To improve the existing vulnerability detection methods, a machine learning based method was proposed to identify the component exposure vulnerability of Android applications. Analyzing Android application software structure and component exposure vulnerability model, a new machine learning system was established to perform the Android vulnerability features extraction, data cleaning and vectorized operation. Utilizing manual analysis and verification, 1 000 Android APK sample sets were established. Through a large number of training, the system can detect the component exposure vulnerabilities automatically, achieving the accuracy up to 90%.