Open Access  Subscription Access

在這個研究裡，我們提出一個以系統化的方式量測Android軟體檢測覆蓋率的方法。測量軟體檢測覆蓋率是用來理解一個動態分析工具能力的基礎。過去研究人員通常使用動態插入指令來測量軟體檢測覆蓋率。然而，這種方法只有在可以本機端完全受控的環境中才適用，同時常常也需要搭配原始碼進行檢測。我們主要透過產生靜態Android軟體修補的方法來進行檢測覆蓋率的量測。經過我們所修補的軟體可以同時用來測量本機和遠端的軟體檢測覆蓋率工具。我們的測量結果顯示目前市面上現有的軟體檢測覆蓋率大多介於10%到50%，表示這些工具仍有很大的空間可以改善。這些結果可以提供詳細的資訊給研究人員和開發人員，使他們對相關技術的能力有更徹底的了解以並提供可能的改善方向。In this study, we propose a systematic approach that measures the code coverage of Android dynamic analysis tools. Code coverage measurement is a fundamental step in understanding the capabilities of such tools. Previously, researchers often measured code coverage by using dynamic instrumentations. However, dynamic it is effective only in certain controlled environments and, therefore, are only applicable to local applications having source codes. Our approach resolves the aforementioned problems by generating statically patched Android packages for profiling dynamic analysis tools. The generated packages can be used to measure the code coverage rate of both local and remote tools. The measurement results reveal that the code coverage rate for the evaluated tools is between 10%-50%, indicating that these tools still require improvement. The results provide detailed information for researchers and developers to thoroughly understand and improve dynamic analysis techniques.

Android; 軟體檢測覆蓋率; 動態分析; 軟體測試; Android; code coverage measurement; dynamic analysis; software testing