摘要
软件升级过程中,缺乏对升级信息或升级包的认证可能会导致基于中间人攻击的远程代码执行漏洞。为此,提出一种升级漏洞自动检测方法。该方法通过提取升级过程中的网络流量,对升级机制自动画像,将其与漏洞特征向量匹配,预判升级漏洞;在模拟验证环境中,利用画像信息实施中间人攻击,验证检测结果。基于该方法设计了升级漏洞自动分析与验证系统,对184个Windows应用软件样本进行测试,检测出117个样本的升级漏洞,证明了本方法的有效性。
During the software upgrade process,the lack of authentication for upgrade information or packages can lead to remote code execution vulnerabilities based on man-in-the-middle attack.An automatic detection method for upgrading vulnerabilities was proposed.The method described the upgrade mechanism by extracting the network traffic during the upgrade process,then matched it with the vulnerability feature vector to anticipate upgrading vulnerabilities.In a validation environment,the man-in-the-middle attack using the portrait information was carried out to verify the detection results.In addition,an automatic vulnerability analysis and verification system based on this method was designed.184 Windows applications samples was test and 117 upgrade vulnerabilities were detected in these samples,which proved validity of the method.
作者
腾金辉
光焱
舒辉
张冰
TENG Jinhui;GUANG Yan;SHU Hui;ZHANG Bing(Strategic Support Force Information Engineering University,Zhengzhou 450001,China)
出处
《网络与信息安全学报》
2020年第1期94-108,共15页
Chinese Journal of Network and Information Security
基金
国家重点研发计划基金资助项目(No.2018YFB08011601)。
关键词
软件升级
流量分析
漏洞检测
自动化分析与验证
software upgrade
network traffic analysis
vulnerability detection
automated analysis and validation
