CN110661804A - Stain analysis vulnerability detection method for firewall - Google Patents
Stain analysis vulnerability detection method for firewall Download PDFInfo
- Publication number
- CN110661804A CN110661804A CN201910932056.3A CN201910932056A CN110661804A CN 110661804 A CN110661804 A CN 110661804A CN 201910932056 A CN201910932056 A CN 201910932056A CN 110661804 A CN110661804 A CN 110661804A
- Authority
- CN
- China
- Prior art keywords
- memory
- taint
- access
- instruction
- istaint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
Abstract
A stain analysis vulnerability detection method for a firewall comprises the following steps: extracting a file system of the firewall firmware; introducing a stain into the target firewall program; defining a taint propagation rule according to the classification of the assembly instructions; and defining a taint detection rule according to the taint propagation rule, thereby detecting whether the target firewall program is attacked or not. The stain analysis vulnerability detection method aims at firewall equipment with an MIPS (microprocessor with interleaved stages architecture) framework in Internet of things equipment, and the prior art has less research on the firewall equipment, so that the technical blank in the field is filled up. The method expresses the taint propagation rule and the taint detection rule by formal description, and has higher accuracy and low false alarm rate.
Description
Technical Field
The invention provides a stain analysis vulnerability detection method for a firewall in Internet of things equipment, which is mainly used for detecting a vulnerability of the firewall equipment and belongs to the field of Internet of things safety.
Background
In the information age of our body, the development of networks is thousands of days, and the networks bring benefits and convenience to our bodies and bring many risks to our bodies. Trojan, virus abuse, webpage tampering, frequent hacking attacks, various rogue software and spyware, and the wind and wave are generated in the internet-surfing equipment. As a strict "gatekeeper" of internet of things devices and networks, the importance of firewalls for security is self-evident. The firewall is responsible for each port of the gatekeeper system, helps us to intercept all suspicious programs or data packets, and further judges whether the programs or the data packets can be released or deleted. But if the firewall is breached, an attacker can obtain critical information using the firewall. The security of firewalls is therefore a central concern throughout the Internet network.
When deeply analyzing the safety principle of the bottom layer of the intelligent equipment, the hardware is inevitably required to be directly contacted. A common internet of things (called internet of things, IOT for short) product is generally developed by using an embedded Linux system, and one of the main purposes of chip research on embedded devices is to obtain firmware of a hardware system. The executable program of the embedded device is called firmware. Firmware is generally stored in ROM, which is a short for Read-Only Memory (Read-Only Memory) and is a solid-state semiconductor Memory capable of reading Only data stored in advance. Firmware is usually written in assembly language and serves as the most basic and bottom-level work for a system. The presence of firmware allows people to use embedded devices conveniently, but also with security risks. According to investigation, since individuals, enterprises and governments rarely update firmware versions after using firewall devices, hackers are more likely to attack old versions of the devices, so that confidential information is leaked and personal property is lost.
The current dynamic taint analysis platform also has the problems of both accuracy and performance. The accuracy rate is represented by false alarm caused by 'over pollution' and missing report problem caused by 'under pollution'.
Disclosure of Invention
With the rapid increase of the internet of things equipment, the increase of network attack means and the slight view of people on network safety, the safety of the internet of things equipment becomes more and more important, and the invention provides a stain analysis vulnerability detection method for a firewall, which is used for solving the safety problem of the firewall. By using the method provided by the invention, the safety of the firewall equipment can be improved, and the information and property safety of a user can be further ensured.
A stain analysis vulnerability detection method for a firewall comprises the following steps:
step 1: extracting a file system of the firewall firmware;
step 2: introducing a stain into the target firewall program;
and step 3: defining a taint propagation rule according to the classification of the assembly instructions;
and 4, step 4: and defining a taint detection rule according to the taint propagation rule, thereby detecting whether the target firewall program is attacked or not.
Further, step 1 comprises:
step 1-1: obtaining firewall firmware;
step 1-2: determining the type of a file system in firewall firmware;
step 1-3: the file system in the firmware is extracted.
Further, step 2 comprises: when the firewall program is started, all variables, memory units, registers and the like are initialized to be non-pollution, then dynamic code instrumentation is carried out through a Dynamori code instrumentation tool, and received or read-in data are marked as a pollution source.
Further, the formalized description of the taint propagation rule defined in step 3 includes a taint propagation rule for a read access memory instruction, a taint propagation rule for a write access memory instruction, and a taint propagation rule for a non-memory access instruction.
Further, the taint propagation rule of the read access memory instruction is as follows:
Pload(Insload)::=Pload(Ra,Rv)::=isTaint(Ra)∨isTaint(Rv);
wherein, Pload(Insload) Taint propagation rules, Ins, representing read access to memory instructionsloadIndicating a read access to memory instruction, Pload(Ra,Rv) Indicating a taint propagation rule with respect to read access memory addresses and the contents of read access memory addresses, RaIndicating a read access memory address, RvMemory address R representing a read accessaWhere isaint () represents the mapping of the set V of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isaint (R)a) Indicating a dirty map, isTaint (R), for read access to a memory addressv) Indicating a memory address R for a read accessaTaint mapping of stored content of (c);
the rule indicates that, for a read access memory instruction, Ins is present if the memory address accessed or the contents of the memory accessed is contaminatedloadThe intermediate destination operand is contaminated.
Further, the taint propagation rule of the write access memory instruction is as follows:
Pstore(Insstore)::=Pstore(Wa,Wv)::=isTaint(Wa)∨isTaint(Wv),
wherein, Pstore(Insstore) Dirty propagation rules, Ins, representing write access to memory instructionsstoreIndicating a write access to memory, Pstore(Wa,Wv) Indicating a memory address for a write access and a dirty propagation rule for the contents of the write memory address, WaMemory address, W, indicating write accessvIndicating that memory address W is to be written toaWhere isaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isTaint (W)a) Indicating a dirty map, isTaint (W), for write-access memory addressesv) Representing a taint map for write access to write memory contents;
the rule indicates, for a write access memory instruction, if the memory address of the write access is orIf the content to be written into the memory is contaminated, InsstoreThe intermediate destination operand is contaminated.
Further, the taint propagation rule of the non-memory access instruction is as follows:
wherein, Pumem(Insumem) Indicating dirty propagation rules, Ins, for non-memory access instructionsumemIndicating a non-memory-access instruction, Pumem(Operandsrc) Indicating a dirty propagation rule for source operands in non-memory access instructions, OperandsrcRepresenting instructions InsumemSet of source operands, isTaint (op)i) Indicates about InsumemA dirty map of source operands in the instruction, isTaint () represents a map of the set of registers, memory data, and constants to a dirty attribute set T ═ True, False ",representing a dirty map, op, that detects source operands in all non-memory access instructionsiRepresentation set OperandsrcN represents an opiThe number of (2);
the rule indicates that for non-memory access instructions, if there is an element opi∈
OperandsrcAt this point, isTaint (op)i) True, denotes InsumemThe intermediate destination operand is contaminated.
Further, the formalized description of the taint detection rule defined in step 4 includes the taint detection rule of the jump instruction and the taint detection rule of the memory access instruction.
Further, the taint detection rule of the jump instruction is as follows:
Pbranch(Insbranch)::=Pbranch(ba,bv)::=isTaint(ba)∨isTaint(bv);
wherein, Pbranch(Insbranch) Taint detection rules, Ins, representing jump instructionsbranchIndicating a jump instruction, Pbranch(ba,bv) Indicating a taint detection rule with respect to the destination address of the jump instruction and the content at the destination address, baIndicating the destination address of the jump instruction, bvAs the jump address baThe instruction content of (c), isTaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ { True, False }, isTaint (b)a) Indicating a taint mapping with respect to the jump address, isTaint (b)v) Representing a taint map, isTaint (b), on the content of the instruction at the jump addressa)∨isTaint(bv) Indicating that the jump address is detected or whether the instruction content at the jump address is polluted or not is detected;
the rule indicates that the target program is determined to be likely to be attacked if the jump address is contaminated or the instruction content at the jump address is contaminated.
Further, the taint detection rule of the memory access instruction is as follows:
Pmem(Insmem)::=Pmem(ta,tv)::=isTaint(ta);
wherein, Pmem(Insmem) Taint detection rules, Ins, representing memory access instructionsmemRepresenting memory access instructions, Pmem(ta,tv) Indicating a taint detection rule, t, with respect to memory access addresses and content at which valid memory addresses are accessedaEffective memory address, t, indicating a memory accessvRepresenting the mapping of the set of registers, memory data, and constants to the dirty attribute set T ═ True, False () representing the set of registers, memory data, and constants, isTaint (T) for either the contents at the effective memory address for a read access or the contents of the write memory for a write accessa) A taint map representing valid access addresses for the memory;
the rule indicates that the target program is determined to be likely to be attacked if the valid memory address accessed by the memory access instruction is contaminated.
The invention achieves the following beneficial effects:
(1) aiming at firewall equipment with an MIPS (micro processor with interleaved stepped statelocated architecture) architecture in equipment of the Internet of things, the method for detecting the taint analysis vulnerability provided by the invention has less research on the aspect in the prior art, and fills up the technical blank in the field.
(2) The method expresses the taint propagation rule and the taint detection rule by formal description, and has higher accuracy and low false alarm rate.
Drawings
Fig. 1 is a schematic flow chart of the dynamic taint analysis vulnerability detection method according to the present invention.
Detailed Description
The technical scheme of the invention is further explained in detail by combining the drawings in the specification.
A stain analysis vulnerability detection method for a firewall comprises the following steps:
step 1: and extracting the file system of the firewall firmware.
The step 1 comprises the following steps:
step 1-1: and obtaining firewall firmware.
Step 1-2: the type of file system in the firewall firmware is determined.
Step 1-3: the file system in the firmware is extracted.
Step 2: introducing a smudge to the target firewall program.
The step 2 comprises the following steps: when the firewall program is started, all variables, memory units, registers and the like are initialized to be non-pollution, then dynamic code instrumentation is carried out through a Dynamori code instrumentation tool, and received or read-in data are marked as a pollution source.
And step 3: according to the classification of the assembly instructions, a taint propagation rule is defined.
The formalized description of the taint propagation rule defined in the step 3 comprises a taint propagation rule of a read access memory instruction, a taint propagation rule of a write access memory instruction and a taint propagation rule of a non-memory access instruction.
Read access to memoryThe instruction's taint propagation rules are: pload(Insload)::=Pload(Ra,Rv)::=isTaint(Ra)∨isTaint(Rv). Wherein, Pload(Insload) Taint propagation rules, Ins, representing read access to memory instructionsloadIndicating a read access to memory instruction, Pload(Ra,Rv) Indicating a taint propagation rule with respect to read access memory addresses and the contents of read access memory addresses, RaIndicating a read access memory address, RvMemory address R representing a read accessaWhere isaint () represents the mapping of the set V of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isaint (R)a) Indicating a dirty map, isTaint (R), for read access to a memory addressv) Indicating a memory address R for a read accessaA taint mapping of stored content of (c). The rule indicates that, for a read access memory instruction, Ins is present if the memory address accessed or the contents of the memory accessed is contaminatedloadThe intermediate destination operand is contaminated.
The taint propagation rule of the write access memory instruction is as follows: pstore(Insstore)::=Pstore(Wa,Wv)::=isTaint(Wa)∨isTaint(Wv). Wherein, Pstore(Insstore) Dirty propagation rules, Ins, representing write access to memory instructionsstoreIndicating a write access to memory, Pstore(Wa,Wv) Indicating a memory address for a write access and a dirty propagation rule for the contents of the write memory address, WaMemory address, W, indicating write accessvIndicating that memory address W is to be written toaWhere isaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isTaint (W)a) Indicating a dirty map, isTaint (W), for write-access memory addressesv) Indicating a dirty map for write accesses to write memory contents. The rule indicates that for a write access memory instruction, Ins is used if the memory address of the write access or the contents to be written into the memory are contaminatedstoreThe intermediate destination operand is contaminated.
The taint propagation rule of the non-memory access instruction is as follows: wherein, Pumem(Insumem) Indicating dirty propagation rules, Ins, for non-memory access instructionsumemIndicating a non-memory-access instruction, Pumem(Operandsrc) Indicating a dirty propagation rule for source operands in non-memory access instructions, OperandsrcRepresenting instructions InsumemSet of source operands, isTaint (op)i) Indicates about InsumemA dirty map of source operands in the instruction, isTaint () represents a map of the set of registers, memory data, and constants to a dirty attribute set T ═ True, False ",representing a dirty map, op, that detects source operands in all non-memory access instructionsiRepresentation set OperandsrcN represents an opiThe number of (2). The rule indicates that for non-memory access instructions, if there is an element opi∈OperandsrcAt this point, isTaint (op)i) True, denotes InsumemThe intermediate destination operand is contaminated.
And 4, step 4: and defining a taint detection rule according to the taint propagation rule, thereby detecting whether the target firewall program is attacked or not.
The formalization of the taint detection rule defined in step 4 describes the taint detection rule comprising a jump instruction and the taint detection rule comprising a memory access instruction.
The stain detection rule of the jump instruction is as follows: pbranch(Insbranch)::=Pbranch(ba,bv)::=isTaint(ba)∨isTaint(bv). Wherein, Pbranch(Insbranch) Indicating the dirty of a jump instructionPoint inspection rules, InsbranchIndicating a jump instruction, Pbranch(ba,bv) Indicating a taint detection rule with respect to the destination address of the jump instruction and the content at the destination address, baIndicating the destination address of the jump instruction, bvAs the jump address baThe instruction content of (c), isTaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ { True, False }, isTaint (b)a) Indicating a taint mapping with respect to the jump address, isTaint (b)v) Representing a taint map, isTaint (b), on the content of the instruction at the jump addressa)∨isTaint(bv) Indicating that the jump address is detected or that the instruction content at the jump address is tainted. The rule indicates that the target program is determined to be likely to be attacked if the jump address is contaminated or the instruction content at the jump address is contaminated.
The taint detection rule of the memory access instruction is as follows: pmem(Insmem)::=Pmem(ta,tv)::=isTaint(ta). Wherein, Pmem(Insmem) Taint detection rules, Ins, representing memory access instructionsmemRepresenting memory access instructions, Pmem(ta,tv) Indicating a taint detection rule, t, with respect to memory access addresses and content at which valid memory addresses are accessedaEffective memory address, t, indicating a memory accessvRepresenting the mapping of the set of registers, memory data, and constants to the dirty attribute set T ═ True, False () representing the set of registers, memory data, and constants, isTaint (T) for either the contents at the effective memory address for a read access or the contents of the write memory for a write accessa) Representing a dirty map for a valid access address of the memory. The rule indicates that the target program is determined to be likely to be attacked if the valid memory address accessed by the memory access instruction is contaminated.
The above description is only a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above embodiment, but equivalent modifications or changes made by those skilled in the art according to the present disclosure should be included in the scope of the present invention as set forth in the appended claims.
Claims (10)
1. A stain analysis vulnerability detection method for a firewall is characterized by comprising the following steps:
step 1: extracting a file system of the firewall firmware;
step 2: introducing a stain into the target firewall program;
and step 3: defining a taint propagation rule according to the classification of the assembly instructions;
and 4, step 4: and defining a taint detection rule according to the taint propagation rule, thereby detecting whether the target firewall program is attacked or not.
2. The firewall taint analysis vulnerability detection method according to claim 1, characterized in that: the step 1 comprises the following steps:
step 1-1: obtaining firewall firmware;
step 1-2: determining the type of a file system in firewall firmware;
step 1-3: the file system in the firmware is extracted.
3. The firewall taint analysis vulnerability detection method according to claim 1, characterized in that: the step 2 comprises the following steps: when the firewall program is started, all variables, memory units, registers and the like are initialized to be non-pollution, then dynamic code instrumentation is carried out through a Dynamori code instrumentation tool, and received or read-in data are marked as a pollution source.
4. The method of claim 1, wherein the method comprises the following steps: the formalized description of the taint propagation rule defined in the step 3 comprises a taint propagation rule of a read access memory instruction, a taint propagation rule of a write access memory instruction and a taint propagation rule of a non-memory access instruction.
5. The method of claim 4, wherein the method comprises the following steps: the taint propagation rule of the read access memory instruction is as follows:
Pload(Insload)::=Pload(Ra,Rv)::=isTaint(Ra)∨isTaint(Rv);
wherein, Pload(Insload) Taint propagation rules, Ins, representing read access to memory instructionsloadIndicating a read access to memory instruction, Pload(Ra,Rv) Indicating a taint propagation rule with respect to read access memory addresses and the contents of read access memory addresses, RaIndicating a read access memory address, RvMemory address R representing a read accessaWhere isaint () represents the mapping of the set V of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isaint (R)a) Indicating a dirty map, isTaint (R), for read access to a memory addressv) Indicating a memory address R for a read accessaTaint mapping of stored content of (c);
the rule indicates that, for a read access memory instruction, Ins is present if the memory address accessed or the contents of the memory accessed is contaminatedloadThe intermediate destination operand is contaminated.
6. The method of claim 4, wherein the method comprises the following steps: the taint propagation rule of the write access memory instruction is as follows:
Pstore(Insstore)::=Pstore(Wa,Wv)::=isTaint(Wa)∨isTaint(Wv),
wherein, Pstore(Insstore) Dirty propagation rules, Ins, representing write access to memory instructionsstoreIndicating a write access to memory, Pstore(Wa,Wv) Indicating a memory address for a write access and a dirty propagation rule for the contents of the write memory address, WaMemory address, W, indicating write accessvIndicating that memory address W is to be written toaThe content of (a) is (b),isTaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ { True, False }, isTaint (W)a) Indicating a dirty map, isTaint (W), for write-access memory addressesv) Representing a taint map for write access to write memory contents;
the rule indicates that for a write access memory instruction, Ins is used if the memory address of the write access or the contents to be written into the memory are contaminatedstoreThe intermediate destination operand is contaminated.
7. The method of claim 4, wherein the method comprises the following steps: the taint propagation rule of the non-memory access instruction is as follows:
wherein, Pumem(Insumem) Indicating dirty propagation rules, Ins, for non-memory access instructionsumemIndicating a non-memory-access instruction, Pumem(Operandsrc) Indicating a dirty propagation rule for source operands in non-memory access instructions, OperandsrcRepresenting instructions InsumemSet of source operands, isTaint (op)i) Indicates about InsumemA dirty map of source operands in the instruction, isTaint () represents a map of the set of registers, memory data, and constants to a dirty attribute set T ═ True, False ",representing a dirty map, op, that detects source operands in all non-memory access instructionsiRepresentation set OperandsrcN represents an opiThe number of (2);
the rule indicates that for non-memory access instructions, if there is an element opi∈OperandsrcAt this point, isTaint (op)i) True, denotes InsumemThe intermediate destination operand is contaminated.
8. The method of claim 1, wherein the method comprises the following steps: the formalization of the taint detection rule defined in step 4 describes the taint detection rule comprising a jump instruction and the taint detection rule comprising a memory access instruction.
9. The method of claim 8, wherein the method comprises: the stain detection rule of the jump instruction is as follows:
Pbranch(Insbranch)::=Pbranch(ba,bv)::=isTaint(ba)∨isTaint(bv);
wherein, Pbranch(Insbranch) Taint detection rules, Ins, representing jump instructionsbranchIndicating a jump instruction, Pbranch(ba,bv) Indicating a taint detection rule with respect to the destination address of the jump instruction and the content at the destination address, baIndicating the destination address of the jump instruction, bvAs the jump address baThe instruction content of (c), isTaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ { True, False }, isTaint (b)a) Indicating a taint mapping with respect to the jump address, isTaint (b)v) Representing a taint map, isTaint (b), on the content of the instruction at the jump addressa)∨isTaint(bv) Indicating that the jump address is detected or whether the instruction content at the jump address is polluted or not is detected;
the rule indicates that the target program is determined to be likely to be attacked if the jump address is contaminated or the instruction content at the jump address is contaminated.
10. The method of claim 8, wherein the method comprises: the stain detection rule of the memory access instruction is as follows:
Pmem(Insmem)::=Pmem(ta,tv)::=isTaint(ta);
wherein, Pmem(Insmem) Taint detection rules, Ins, representing memory access instructionsmemRepresenting memory access instructions, Pmem(ta,tv) Indicating a taint detection rule, t, with respect to memory access addresses and content at which valid memory addresses are accessedaEffective memory address, t, indicating a memory accessvRepresenting the mapping of the set of registers, memory data, and constants to the dirty attribute set T ═ True, False () representing the set of registers, memory data, and constants, isTaint (T) for either the contents at the effective memory address for a read access or the contents of the write memory for a write accessa) A taint map representing valid access addresses for the memory;
the rule indicates that the target program is determined to be likely to be attacked if the valid memory address accessed by the memory access instruction is contaminated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910932056.3A CN110661804B (en) | 2019-09-29 | 2019-09-29 | Stain analysis vulnerability detection method for firewall |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910932056.3A CN110661804B (en) | 2019-09-29 | 2019-09-29 | Stain analysis vulnerability detection method for firewall |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110661804A true CN110661804A (en) | 2020-01-07 |
CN110661804B CN110661804B (en) | 2021-12-31 |
Family
ID=69039765
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910932056.3A Active CN110661804B (en) | 2019-09-29 | 2019-09-29 | Stain analysis vulnerability detection method for firewall |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110661804B (en) |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080235755A1 (en) * | 2007-03-22 | 2008-09-25 | Mocana Corporation | Firewall propagation |
CN101615238A (en) * | 2009-07-28 | 2009-12-30 | 南京大学 | Distort the detection and the leak positioning system of attack based on binary internal memory |
CN101616151A (en) * | 2009-07-31 | 2009-12-30 | 中国科学院软件研究所 | A kind of automated network attack characteristic generation method |
CN102129538A (en) * | 2011-03-04 | 2011-07-20 | 北京邮电大学 | System and method for detecting buffer overflow vulnerability of source code of sensor network |
CN103995782A (en) * | 2014-06-17 | 2014-08-20 | 电子科技大学 | Taint analyzing method based on taint invariable set |
CN104021073A (en) * | 2014-05-06 | 2014-09-03 | 南京大学 | Software vulnerability detection method based on pointer analysis |
CN105808430A (en) * | 2016-03-03 | 2016-07-27 | 中国科学院软件研究所 | Multi-semantic dynamic taint analysis method |
CN107291617A (en) * | 2016-12-26 | 2017-10-24 | 中国科学院软件研究所 | A kind of leak analysis method based on implicit tainting |
CN108259514A (en) * | 2018-03-26 | 2018-07-06 | 平安科技(深圳)有限公司 | Leak detection method, device, computer equipment and storage medium |
CN108520180A (en) * | 2018-03-01 | 2018-09-11 | 中国科学院信息工程研究所 | A kind of firmware Web leak detection methods and system based on various dimensions |
CN109002721A (en) * | 2018-07-12 | 2018-12-14 | 南方电网科学研究院有限责任公司 | Mining analysis method for information security vulnerability |
CN109325353A (en) * | 2018-11-01 | 2019-02-12 | 南京邮电大学 | A kind of cluster leak analysis method for home router |
CN109583200A (en) * | 2017-09-28 | 2019-04-05 | 中国科学院软件研究所 | A kind of program exception analysis method based on dynamic tainting |
CN109753801A (en) * | 2019-01-29 | 2019-05-14 | 重庆邮电大学 | The intelligent terminal Malware dynamic testing method called based on system |
-
2019
- 2019-09-29 CN CN201910932056.3A patent/CN110661804B/en active Active
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080235755A1 (en) * | 2007-03-22 | 2008-09-25 | Mocana Corporation | Firewall propagation |
CN101615238A (en) * | 2009-07-28 | 2009-12-30 | 南京大学 | Distort the detection and the leak positioning system of attack based on binary internal memory |
CN101616151A (en) * | 2009-07-31 | 2009-12-30 | 中国科学院软件研究所 | A kind of automated network attack characteristic generation method |
CN102129538A (en) * | 2011-03-04 | 2011-07-20 | 北京邮电大学 | System and method for detecting buffer overflow vulnerability of source code of sensor network |
CN104021073A (en) * | 2014-05-06 | 2014-09-03 | 南京大学 | Software vulnerability detection method based on pointer analysis |
CN103995782A (en) * | 2014-06-17 | 2014-08-20 | 电子科技大学 | Taint analyzing method based on taint invariable set |
CN105808430A (en) * | 2016-03-03 | 2016-07-27 | 中国科学院软件研究所 | Multi-semantic dynamic taint analysis method |
CN107291617A (en) * | 2016-12-26 | 2017-10-24 | 中国科学院软件研究所 | A kind of leak analysis method based on implicit tainting |
CN109583200A (en) * | 2017-09-28 | 2019-04-05 | 中国科学院软件研究所 | A kind of program exception analysis method based on dynamic tainting |
CN108520180A (en) * | 2018-03-01 | 2018-09-11 | 中国科学院信息工程研究所 | A kind of firmware Web leak detection methods and system based on various dimensions |
CN108259514A (en) * | 2018-03-26 | 2018-07-06 | 平安科技(深圳)有限公司 | Leak detection method, device, computer equipment and storage medium |
CN109002721A (en) * | 2018-07-12 | 2018-12-14 | 南方电网科学研究院有限责任公司 | Mining analysis method for information security vulnerability |
CN109325353A (en) * | 2018-11-01 | 2019-02-12 | 南京邮电大学 | A kind of cluster leak analysis method for home router |
CN109753801A (en) * | 2019-01-29 | 2019-05-14 | 重庆邮电大学 | The intelligent terminal Malware dynamic testing method called based on system |
Non-Patent Citations (1)
Title |
---|
沙乐天等: "《基于多属性决策及污点跟踪的大数据平台敏感信息泄露感知方法》", 《通信学报》 * |
Also Published As
Publication number | Publication date |
---|---|
CN110661804B (en) | 2021-12-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US12069091B2 (en) | Visual detection of phishing websites via headless browser | |
Or-Meir et al. | Dynamic malware analysis in the modern era—A state of the art survey | |
Carmony et al. | Extract Me If You Can: Abusing PDF Parsers in Malware Detectors. | |
US7370360B2 (en) | Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine | |
US8307435B1 (en) | Software object corruption detection | |
JP4741782B2 (en) | Computer immune system and method for detecting undesirable codes in a computer system | |
Wilhelm et al. | A forced sampled execution approach to kernel rootkit identification | |
TWI483137B (en) | Computing device including a port and a guest domain | |
US20080320594A1 (en) | Malware Detector | |
CN102043915B (en) | Method and device for detecting malicious code contained in non-executable file | |
US20110307956A1 (en) | System and method for analyzing malicious code using a static analyzer | |
US20110277033A1 (en) | Identifying Malicious Threads | |
US10452421B2 (en) | Identifying kernel data structures | |
US11916937B2 (en) | System and method for information gain for malware detection | |
US8332941B2 (en) | Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor | |
Case et al. | Hooktracer: Automatic detection and analysis of keystroke loggers using memory forensics | |
Dornhackl et al. | Malicious behavior patterns | |
Quarta et al. | Toward systematically exploring antivirus engines | |
Yin et al. | Automatic malware analysis: an emulator based approach | |
CN110661804B (en) | Stain analysis vulnerability detection method for firewall | |
Li et al. | Understanding security risks of embedded devices through fine-grained firmware fingerprinting | |
Neugschwandtner et al. | d Anubis–Dynamic Device Driver Analysis Based on Virtual Machine Introspection | |
Kim | The impact of platform vulnerabilities in AI systems | |
Rashmitha et al. | Malware analysis and detection using reverse Engineering | |
Jawhar | A Survey on Malware Attacks Analysis and Detected |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |