摘要
网络攻击流量对于网络安全研究和网络防护设备测试具有重要意义。Metasploit是目前最流行的攻击框架,自带面向各种平台和漏洞的攻击脚本,支持新攻击脚本的快速开发。攻击框架的出现加快了漏洞利用的编写,降低了发起网络攻击的门槛,给网络安全提出了新的挑战。因此,研究了一种基于符号执行的Metasploit框架攻击流量提取方法。该方法无需搭建靶机环境,可以快速分析Metasploit框架中的攻击脚本,获取其对应的攻击流量,并且标记攻击流量中不同部分的属性,记录攻击状态的转移过程。
Network attack traffic is of great significance for network security research and network protection equipment testing.Metasploit is currently the most popular attack framework.It has attack scripts for various platforms and vulnerabilities,supporting rapid development of new attack scripts.The emergence of the attack framework speeds up the writing of exploits,lowers the threshold for launching network attacks,and poses new challenges for network security.Therefore,a Metasploit framework attack traffic extraction method based on symbolic execution is studied.This method does not need to set up the target machine environment,and can quickly analyze the attack script in the Metasploit framework to obtain the corresponding attack traffic.At the same time,it can mark the attributes of different parts of the attack traffic and record the transfer process of the attack state.
作者
刘焕伟
王轶骏
薛质
LIU Huan-wei;WANG Yi-jun;XUE Zhi(School of Cyber Security,Shanghai Jiao Tong University,Shanghai 200240,China)
出处
《通信技术》
2018年第12期2939-2945,共7页
Communications Technology
基金
国家重点研发计划项目"网络空间安全"重点专项(No.2017YFB0803203)~~
