Abstract
Cyber-attack activity is becoming increasingly sophisticated, and attack code must be analyzed in depth to better achieve goals such as defense and attack traceability. At the same time, the impact of attacks has spread from desktop terminals to IoT devices such as routers and smart home appliances, and these new scenarios call for program analysis methods that are lightweight and easy to deploy. To address this new situation in attack analysis, this paper proposes a lightweight binary program analysis framework driven by the operating system kernel: by making appropriate use of the operating system's implementation mechanisms, it dynamically intercepts the target program and performs fine-grained dynamic analysis of it. Building on this framework, an optimized dynamic data flow analysis method that exploits kernel features is proposed, which further improves fine-grained program analysis capability. Extensive experiments on benchmark programs and real applications validate the effectiveness and good analysis performance of the proposed method, and show that the analysis framework is readily deployable and of practical value.
Nowadays cyber-attacks have become increasingly complicated. Researchers need to analyze the payload involved in the attacks in depth to better achieve goals such as intelligent threat extraction and attack traceability. In addition, the attack targets have been extended from traditional terminals to small devices such as routers and smart home appliances. New analysis scenarios require the binary program analysis method to be lightweight and easier to deploy. In order to meet the new requirements of cyber-attack analysis, this paper proposes a lightweight dynamic analysis framework for binary program analysis. It is driven by the operating system kernel. It can dynamically intercept the program execution and perform efficient fine-grained analysis by reasonably integrating the implementation mechanisms of the operating system. Then, this paper designs an optimized dynamic data flow analysis method combined with the kernel features, which further improves the fine-grained analysis performance. Extensive experiments are conducted using benchmark programs and real applications, and the results demonstrate that the framework achieves high analytical performance, easy deployment and good practical applicability.
Authors
潘家晔 (Pan Jiaye)
赵学健 (Zhao Xuejian)
PAN Jiaye; ZHAO Xuejian (School of Modern Posts, Nanjing University of Posts and Telecommunications, Nanjing 210003, China)
Source
《南京邮电大学学报(自然科学版)》 (Journal of Nanjing University of Posts and Telecommunications: Natural Science Edition)
Peking University Core Journal (北大核心)
2023, No. 1, pp. 52-61 (10 pages)
Funding
National Natural Science Foundation of China (61672299)
Supported by the Scientific Research Start-up Fund for Introduced Talents of Nanjing University of Posts and Telecommunications (NY221036).