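Abstract
Most traditional static analysis methods cannot accurately handle a script's interaction with the network, and they introduce unreachable paths, while dynamic analysis requires setting up an experimental environment and analyzing by hand. To address these problems, a symbolic-execution-based analysis platform for Python attack scripts, PyExZ3+, is proposed. Through dynamic symbolic execution and path exploration of a Python script, the input traffic that triggers the attack and the corresponding output attack payload can be obtained, which makes automated analysis of Python attack scripts possible. Optimization strategies such as loop identification and run-time resolution are used so that the program reaches the target code sooner. Experimental results show that, compared with symbolic execution tools such as CHEF and PyExZ3, PyExZ3+ achieves higher path coverage and execution efficiency, and that it can dynamically inspect the target script and carry out efficient, feasible automated analysis.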
Traditional static analysis methods cannot handle the interaction between a script and the network, and they introduce unreachable paths. Dynamic analysis requires setting up an experimental environment and analyzing manually. To solve these problems, this paper proposes PyExZ3+, a Python attack script analysis platform based on symbolic execution. Through dynamic symbolic execution and path exploration of a Python script, it obtains the input traffic and the corresponding output attack payload, which enables automated analysis of Python attack scripts. PyExZ3+ uses loop identification and a run-time solver optimization strategy to improve path coverage and the efficiency of symbolic execution. Experimental results show that PyExZ3+ has higher path coverage and execution efficiency than existing symbolic execution tools such as CHEF and PyExZ3. In addition, PyExZ3+ can dynamically detect the target script's payload and perform feasible automated analysis efficiently.
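Source
《计算机工程》 (Computer Engineering)
CAS
CSCD
Peking University Core Journals (北大核心)
2016, No. 11, pp. 139-146 (8 pages)
Funding
Research project of the China Information Technology Security Evaluation Center (CNITSEC-KY-2013-009/2)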