基于动态二进制平台的漏洞样本分析

2021 IEEE 3rd International Conference on Civil Aviation Safety and Information Technology (ICCASIT) Pub Date : 2021-12-18 DOI:10.1145/3510858.3511010

Wenjuan Bu, Fei Kang, Yuntian Zhao, Jianbo Xu

{"title":"基于动态二进制平台的漏洞样本分析","authors":"Wenjuan Bu, Fei Kang, Yuntian Zhao, Jianbo Xu","doi":"10.1145/3510858.3511010","DOIUrl":null,"url":null,"abstract":"Based on the existing vulnerability exploitation detection technology, this paper analyzes the buffer overflow vulnerability exploitation process, and detects vulnerability triggering, protection mechanism bypassing and shellcode execution by dynamic binary instrumentation (DBI) monitoring program execution process; According to the analysis of vulnerability sample shellcode behavior, the method of recording instruction information and key API function information is designed based on instrumentation API function; A prototype platform of vulnerability sample transplantation and utilization based on dynamic binary is designed and implemented, and test analysis of 40 typical vulnerability samples is carried out to verify the effectiveness and feasibility of the system.","PeriodicalId":6757,"journal":{"name":"2021 IEEE 3rd International Conference on Civil Aviation Safety and Information Technology (ICCASIT)","volume":"1 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Vulnerability Sample Analysis Based on Dynamic Binary Platform\",\"authors\":\"Wenjuan Bu, Fei Kang, Yuntian Zhao, Jianbo Xu\",\"doi\":\"10.1145/3510858.3511010\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Based on the existing vulnerability exploitation detection technology, this paper analyzes the buffer overflow vulnerability exploitation process, and detects vulnerability triggering, protection mechanism bypassing and shellcode execution by dynamic binary instrumentation (DBI) monitoring program execution process; According to the analysis of vulnerability sample shellcode behavior, the method of recording instruction information and key API function information is designed based on instrumentation API function; A prototype platform of vulnerability sample transplantation and utilization based on dynamic binary is designed and implemented, and test analysis of 40 typical vulnerability samples is carried out to verify the effectiveness and feasibility of the system.\",\"PeriodicalId\":6757,\"journal\":{\"name\":\"2021 IEEE 3rd International Conference on Civil Aviation Safety and Information Technology (ICCASIT)\",\"volume\":\"1 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE 3rd International Conference on Civil Aviation Safety and Information Technology (ICCASIT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3510858.3511010\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 3rd International Conference on Civil Aviation Safety and Information Technology (ICCASIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3510858.3511010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

在现有漏洞利用检测技术的基础上，分析了缓冲区溢出漏洞利用过程，通过动态二进制检测(DBI)监控程序执行过程，检测漏洞触发、绕过保护机制和shellcode执行;在分析漏洞样本shellcode行为的基础上，设计了基于仪表API函数的指令信息和关键API函数信息的记录方法;设计并实现了基于动态二进制的漏洞样本移植利用原型平台，并对40个典型漏洞样本进行了测试分析，验证了系统的有效性和可行性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Vulnerability Sample Analysis Based on Dynamic Binary Platform

Based on the existing vulnerability exploitation detection technology, this paper analyzes the buffer overflow vulnerability exploitation process, and detects vulnerability triggering, protection mechanism bypassing and shellcode execution by dynamic binary instrumentation (DBI) monitoring program execution process; According to the analysis of vulnerability sample shellcode behavior, the method of recording instruction information and key API function information is designed based on instrumentation API function; A prototype platform of vulnerability sample transplantation and utilization based on dynamic binary is designed and implemented, and test analysis of 40 typical vulnerability samples is carried out to verify the effectiveness and feasibility of the system.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 IEEE 3rd International Conference on Civil Aviation Safety and Information Technology (ICCASIT)

自引率

0.00%

发文量