摘要
现有黑盒或白盒的攻击特征生成方法面临样本采集困难、自动化程度较低、依赖源代码等问题。为此提出了一种基于可回溯动态污点分析的攻击特征生成方法,通过监控进程动态执行流程,提取与攻击输入相关的操作序列和约束条件,重建特征执行环境并添加判定语句,生成图灵机式的攻击特征。构造原型系统并进行测试的结果表明该方法能快速生成简洁高效的攻击特征。
Most of known attack signature generation systems took either black-box method or white-box method, both of which were limited in several aspects, such as costing a long time to capture sufficient samples, demanding arduous manual analysis and requiring source code of the vulnerable program. An attack signature generation method based on an innovative traceable dynamic taint analysis framework was proposed. By monitoring the vulnerable process execution, the executing trace and the constrain conditions exactly related to input data exploiting the vulnerability was extracted. Finally, by restoring the execution context and supplementing the determinant statements an executable Turing machine signature was attained. A prototype system was implemented and evaluated with different attack samples, which proved that the proposed method was able to generate accurate attack signature fast.
出处
《通信学报》
EI
CSCD
北大核心
2012年第5期21-28,共8页
Journal on Communications
基金
国家自然科学基金资助项目(61073179
60703076)
中国科学院知识创新工程基金资助项目~~
