摘要
软件受到攻击后将在所执行的系统调用状况中有所体现,因此可将基于系统调用的入侵检测技术应用于软件漏洞的检测。本文针对无源码的可执行程序,引入系统调用节点和系统调用上下文信息的概念来刻画软件行为的动态特性和漏洞的位置信息,利用改进的STIDE算法构造软件正常行为特征库来检测并定位漏洞。实验结果表明该方法能够准确获取软件行为信息,且具有较强的漏洞检测能力。
After the software is attacked,the influence will be reflected in the status of the executed system call. Therefore,the intrusion detection technology based on system calls can be applied into the detection of software vulnerabilities.In order to analyze the executable program without source code,the concept of the system call node and the context information are introduced to depict the dynamic behavior characteristics of the software and the localization information of the vulnerabilities in this paper.Furthermore,the vulnerabilities can be detected and located by building the normal behavior characteristics library based on the improved STIDE algorithm.The experiment results show that the behavior information of the software can be obtained and the vulnerabilities can be detected accurately by applying the above method.
出处
《软件工程》
2017年第2期12-15,共4页
Software Engineering
关键词
漏洞检测
行为建模
系统调用短序列
STIDE算法
函数调用链
vulnerability detection
behavior modeling
the short sequence of system calls
STIDE algorithm
function call chain
