【摘要】 关注协议的异常行为,将协议传递的原始消息和实现协议的程序二进制代码均作为分析对象,采用动态污点分析和静态分析相结合的方法,先在自行设计的虚拟分析平台Abnormal Disc原型系统上监控和分析协议程序解析消息的过程,记录协议的公开行为,再利用提出的异常行为感知和挖掘算法,静态分析协议的异常行为触发条件和异常行为指令序列,最后根据异常行为触发条件生成带有敏感信息的协议新消息,动态触发异常行为的执行。Abnormal Disc原型系统可以感知并触发协议的异常行为,根据统计分析的结果,提出了协议运行安全性的评估方法。实验结果表明,利用所提供的方法可以比较准确地挖掘协议的异常行为,并能够对协议运行的安全性进行评估。更多还原

【Abstract】 Pay close attention to the protocol’s abnormal behavior, and takes the message raw data and the protocol binary code both as the analysis objects. The proposed method uses dynamic taint analysis combined with static analysis, firstly monitor and analyze the process of protocol program parses the message in our developed virtual platform Abnormal Disc prototype system, and record the protocol’s public behavior; then based on the proposed abnormal behavior perception and mining algorithm, static analyze the protocol’s abnormal behavior trigger conditions and abnormal behavior instruction sequences. Finally, generate the new protocol messages with the sensitive information according to the abnormal behavior trigger conditions, and dynamic trigger the abnormal behaviors execute. Abnormal Disc prototype system can perceive, trigger and analyze the protocol’s abnormal behaviors. According to the statistical analysis results, the evaluation method of protocol execution security was proposed. The experimental results show that the method can accurately mine the protocol’s abnormal behavior, and evaluate the protocol’s execution security.更多还原