《电子技术应用》 (Application of Electronic Technique)
Research on vulnerability scanning based on patch characteristics
Information Technology and Network Security
Liu Siqi, Wang Yiming
(School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China)
Abstract: To counter both the attacks that exploit a vulnerability and the threat the vulnerability poses in itself, the common way to find 1-day vulnerabilities in deployed applications is code matching. At present, however, source-code matching has a high false-positive rate, and binary-code matching is neither precise nor general. This paper therefore proposes BinScan, a source-to-binary vulnerability scanning model based on patch characteristics. It first builds a database of known vulnerabilities and scans source code against it to obtain source-level detection results; it then uses that information to compile the pre-patch and post-patch source into binaries, forming a binary vulnerability library; finally it compares the target binary for similarity against that library and checks the outcome against the source-level findings. In total, 2,700 vulnerability records and 15,496 patch files were generated for the Linux kernel. The source-level detection narrows the scope of binary detection, and patch presence is then detected from CFG and binary-code similarity to identify vulnerabilities. Compared with other binary vulnerability detection tools, the results show that this method effectively brings source-level vulnerability scanning capability to binaries.
CLC number: TP309
Document code: A
DOI: 10.19358/j.issn.2096-5133.2021.07.009
Citation: Liu Siqi, Wang Yiming. Research on vulnerability scanning based on patch characteristics [J]. Information Technology and Network Security, 2021, 40(7): 52-58.
Key words: patch characteristics; vulnerability scanning; binary; source code; security

0 Introduction

Over its lifetime every vulnerability passes through creation, discovery, disclosure and extinction, and in each period it goes by a different name and takes a different form. A 1-day vulnerability is one for which the vendor has already released a security patch but most users have not yet applied it; such a vulnerability remains exploitable. Across all kinds of software, many vulnerabilities live longer than 12 months. The common way to remediate them in deployed applications is code matching [1], but a patch usually makes only small changes to the code, so many code-matching methods are imprecise and do not generalize, which produces a high false-positive rate.
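The following is an added illustration of the problem just described and of the check the abstract outlines (comparing a target binary against both the pre-patch and the post-patch build); it is not BinScan's code and not taken from the paper. The disassembly of the function, the hypothetical name `copy_len()`, the addresses and the thresholds `min_sim` and `margin` are all constructed for the example. It shows why a single similarity threshold against the vulnerable build mislabels the patched build (a two-instruction patch leaves the two builds about 89% similar), and how scoring against both references and checking the patch's own added or removed instructions separates the cases.

```python
"""Patch-presence check for one function by comparing a target build against
both its pre-patch and post-patch reference builds.

Added illustration only: this is not BinScan's code. The disassembly below is
constructed by hand for a hypothetical function copy_len() and is not taken
from any real kernel or patch.
"""
from __future__ import annotations

import re
from difflib import SequenceMatcher

# Constructed sample: pre-patch (vulnerable) build of the hypothetical function.
VULN_FN = """
push rbp
mov rbp, rsp
mov rax, [rdi+0x10]
mov rdx, [rsi+0x8]
call 0x401000
mov [rax], rdx
pop rbp
ret
"""

# Constructed sample: the same function after a patch that adds a bounds check.
PATCHED_FN = """
push rbp
mov rbp, rsp
mov rax, [rdi+0x10]
mov rdx, [rsi+0x8]
cmp rdx, 0x100
ja 0x401234
call 0x401000
mov [rax], rdx
pop rbp
ret
"""

# Constructed "target" builds: the same two functions as they might appear in a
# third binary (different link addresses), plus an unrelated function.
TARGET_VULN_BUILD = VULN_FN.replace("0x401000", "0x7ff020")
TARGET_PATCHED_BUILD = (PATCHED_FN.replace("0x401000", "0x7ff020")
                        .replace("0x401234", "0x7ff0c0"))
TARGET_OTHER = """
push rbp
mov rbp, rsp
xor eax, eax
pop rbp
ret
"""

IMM_RE = re.compile(r"\b0x[0-9a-f]+\b|\b\d+\b")


def normalize(asm: str) -> list[str]:
    """Turn disassembly text into a list of instructions with immediates and
    addresses masked, so relinking or a different load address does not
    change the signature."""
    out = []
    for line in asm.strip().splitlines():
        line = line.split(";")[0].strip().lower()   # drop trailing comments
        if line:
            out.append(" ".join(IMM_RE.sub("imm", line).split()))
    return out


def similarity(a: list[str], b: list[str]) -> float:
    """Ratio of matching instructions, 2*M/(len(a)+len(b))."""
    return SequenceMatcher(None, a, b, autojunk=False).ratio()


def patch_signature(vuln: list[str], patched: list[str]) -> tuple[list[str], list[str]]:
    """Instructions the patch added and removed: the only parts of the
    function that distinguish the two builds."""
    added, removed = [], []
    for tag, i1, i2, j1, j2 in SequenceMatcher(None, vuln, patched, autojunk=False).get_opcodes():
        if tag in ("insert", "replace"):
            added.extend(patched[j1:j2])
        if tag in ("delete", "replace"):
            removed.extend(vuln[i1:i2])
    return added, removed


def classify(target_asm: str, vuln_asm: str, patched_asm: str,
             min_sim: float = 0.7, margin: float = 0.05) -> str:
    """Decide whether a target function is the vulnerable build, the patched
    build, ambiguous, or not this function at all.

    A single threshold against the vulnerable build is not enough: a small
    patch leaves the patched build almost as similar to the vulnerable one as
    the vulnerable build itself. So the target is scored against both
    references, must be closer to one of them by `margin`, and the
    instructions the patch added or removed are checked directly.
    """
    t, v, p = normalize(target_asm), normalize(vuln_asm), normalize(patched_asm)
    s_v, s_p = similarity(t, v), similarity(t, p)
    if max(s_v, s_p) < min_sim:
        return "unknown"             # not the function we are looking for
    added, removed = patch_signature(v, p)
    has_added = all(ins in t for ins in added)
    has_removed = any(ins in t for ins in removed)
    if s_p - s_v > margin and has_added and not has_removed:
        return "patched"
    if s_v - s_p > margin and not has_added:
        return "vulnerable"
    return "ambiguous"


if __name__ == "__main__":
    v, p = normalize(VULN_FN), normalize(PATCHED_FN)
    print(f"vulnerable vs patched similarity: {similarity(v, p):.3f}")
    print("patch adds:", patch_signature(v, p)[0])
    for name, asm in [("target A", TARGET_VULN_BUILD),
                      ("target B", TARGET_PATCHED_BUILD),
                      ("target C", TARGET_OTHER)]:
        print(name, "->", classify(asm, VULN_FN, PATCHED_FN))
```

The masking in `normalize` is deliberately coarse (immediates and addresses only); a real pipeline would also normalize register allocation and compare at CFG level, as the abstract describes, but the decision structure is the same: a match must be made against both builds, and a target that is close to both without the patch's distinguishing instructions is reported as ambiguous rather than as vulnerable.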

The full text of this paper can be downloaded from: http://www.chinaaet.com/resource/share/2000003678