摘要
网络空间安全斗争形式日趋复杂,针对软件安全的攻防博弈愈演愈烈。软件漏洞挖掘与利用的复杂性及专业性,使得大量工作仅能依靠安全专家完成。近年来,漏洞数量激增,仅依靠安全专家已无法有效应对。自动化漏洞利用应运而生,该方法在提升工作效率的同时降低人力成本,并一定程度上满足了自动化攻防的迫切需求。介绍自动化漏洞利用相关概念,对关键技术进行归纳与总结,梳理国内外主流的自动化漏洞利用系统。
The situation of cyberspace security is becoming more and more complex,and the offensive and defensive game against software security is intensifying.The complexity and technical of software vulnerability mining and exploitation make a lot of work only rely on security experts to complete.In recent years,the number of vulnerabilities has soared,and it has been impossible to respond effectively by means of manual means.Automated exploitation have emerged.This method reduces labor costs while improving work efficiency and meets the urgent need for automated attack and defense.Introduces the concept of automated exploitation;generalizes and summarizes the key technologies;sorts out the mainstream automated exploit systems at home and abroad.
作者
靳宪龙
黄雅娟
JIN Xian-long;HUANG Ya-juan(College of Computer Science,Sichuan University,Chengdu 610065;School of Graduate,National University of Defense Technology,Nanjing 210012)
出处
《现代计算机》
2019年第31期15-20,共6页
Modern Computer
