
Journal of University of Chinese Academy of Sciences ›› 2018, Vol. 35 ›› Issue (3): 409-416. DOI: 10.7523/j.issn.2095-6134.2018.03.016

• Computer Science •

An automated and directed testing technique for target behavior of Android application

YE Yanling1,2, FU Xiaotong1, ZHANG Yuqing2, YUE Hongzhou2

  1. School of Cyber Engineering, Xidian University, Xi'an 710071, China;
  2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China
  • Received: 2017-01-13 Revised: 2017-04-21 Published: 2018-05-15
  • Corresponding author: YE Yanling
  • Supported by:
    the National Key Research and Development Program of China (2016YFB0800700), the National Natural Science Foundation of China (61572460, 61272481), the National Information Security Special Project of the National Development and Reform Commission ((2012)1424), and the Open Fund of the State Key Laboratory of Information Security (2017-ZD-01)

Abstract: Directed testing of specific behaviors of Android applications is commonly used to check whether an application exhibits privacy leakage, remote control, or other malicious behaviors. To address the high failure rate and long running time of existing directed testing approaches, an automated testing method that uses target API invocations to represent an application's specific behaviors is proposed. First, static analysis derives the paths that reach the locations of the target API invocations. Then, during dynamic testing, irrelevant components and GUI elements are excluded, and the application is driven to run automatically along those paths to the location of the target API invocation, triggering the specific behavior. Experimental results show that the method completes directed behavior testing of Android applications with high efficiency.

Key words: Android, directed test, target API, static analysis, dynamic testing
