Automated network attack characteristic generation method

A network attack and tainted data technology, applied in the field of network security, that addresses the problems of manual analysis, limited application scenarios, and a large amount of manual analysis time, and achieves accurate attack features, easier extraction, and an automatic and fast attack feature generation process.

Active Publication Date: 2009-12-30
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

However, most of the existing white-box feature generation methods face the limitations of relying on program source code and requiring manual analysis by experienced analysts, resulting in limited application scenarios and a large amount of manual analysis time.

Embodiment Construction

[0032] The present invention uses dynamic taint analysis: input from untrusted sources to the target program under analysis is marked as tainted, the use of tainted data is recorded throughout code execution, the tainted state is propagated to related data according to the data dependencies between the parameters of each operation that involves tainted data, and pre-set rules are used to monitor whether tainted data is used unsafely, so as to detect attack behavior.

[0033] A specific embodiment of the present invention is described in detail below with reference to the accompanying drawings. As shown in Figure 1, the implementation process of the automated network attack feature generation method of the present invention is as follows:

[0034] 1. Construct a retroactive dynamic taint analysis system based on a hardware simulator

[0035] The invention realizes dynamic taint analysis at the instruction level by intercepting the single-step running int...

Abstract

The invention discloses an automated network attack characteristic generation method, comprising the following steps: 1) a virtual operating system is installed in a virtual host, an operating environment consistent with the real deployment of the vulnerable program is configured, and taint data operation rules are configured; 2) the vulnerable program is started, all of its network input is marked as taint data to be monitored, the state of the taint data is recorded, and the instructions that operate on the taint data are recorded to form a taint propagation flow graph; 3) when an abnormal operation on the taint data is detected, the instruction sequence with which the vulnerable program operated on and processed the taint data, starting from the input data packet, is obtained from the taint propagation flow graph; 4) the instruction sequence is processed into instructions that can be compiled and executed, and a judging output statement is added to generate Turing-type attack characteristics. The method helps to discover attacks that exploit unknown vulnerabilities and to extract the attack flow, does not require the source code of the vulnerable program, generates more accurate attack characteristics, and makes the attack characteristic generation process automatic and fast.
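The taint marking, propagation and unsafe-use check of paragraph [0032], together with steps 2 and 3 of the abstract, can be sketched over a toy instruction trace. This is an added example, not code from the patent: the trace format, the register and memory names, and the single rule (a control-transfer target must not be tainted) are assumptions, and step 4, turning the slice into an executable signature, is not covered.

```python
# Constructed trace of a hypothetical vulnerable program, one tuple per executed
# instruction: (index, opcode, destination, sources). "net[i]" = network input byte.
TRACE = [
    (0, "mov", "eax", ["net[0]"]),           # length field taken from the packet
    (1, "mov", "ebx", ["const"]),            # clean constant
    (2, "mul", "ecx", ["eax", "ebx"]),       # tainted * clean -> tainted
    (3, "mov", "edx", ["const"]),            # unrelated clean work
    (4, "mov", "mem[buf]", ["net[1]"]),      # input copied into a buffer
    (5, "add", "edi", ["mem[buf]", "ecx"]),  # mixes two tainted values
    (6, "mov", "mem[ret]", ["edi"]),         # tainted value overwrites return address
    (7, "mov", "eax", ["const"]),            # eax overwritten with clean data
    (8, "ret", None, ["mem[ret]"]),          # control transfer through tainted data
]

# Assumed taint rule for this sketch: a control-transfer target must not be tainted.
SINKS = {"ret", "jmp", "call"}


def analyse(trace):
    """Return (alarm_index, input_bytes, instruction_slice) or (None, [], [])."""
    # Taint propagation graph: location -> (input bytes it derives from,
    # indices of the instructions that carried that taint to it).
    graph = {}
    for idx, op, dst, srcs in trace:
        inputs, insns = set(), set()
        for src in srcs:
            if src.startswith("net["):       # taint source: network input
                inputs.add(src)
            elif src in graph:               # propagate along the data dependency
                inputs |= graph[src][0]
                insns |= graph[src][1]
        if op in SINKS and inputs:           # rule violated: report and slice
            return idx, sorted(inputs), sorted(insns | {idx})
        if dst is not None:
            if inputs:
                graph[dst] = (inputs, insns | {idx})
            else:
                graph.pop(dst, None)         # clean overwrite clears the taint
    return None, [], []


if __name__ == "__main__":
    alarm, tainted_bytes, insn_slice = analyse(TRACE)
    print("alarm at instruction", alarm)
    print("input bytes involved:", tainted_bytes)
    print("instruction slice:", insn_slice)
```

The returned slice omits instructions 1, 3 and 7, which never touched tainted data; only the remaining instructions would feed signature generation.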

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method for generating network attack features.

Background technique

[0002] With the rapid development of network applications, attackers' targets and attack methods have greatly increased, and attacks are faster and more destructive. Manual feature generation, which relies on the analysis experience of professionals, is time-consuming and laborious, the quality of the generated features is also low and difficult to guarantee, and it cannot meet application requirements. Automatic attack signature generation has become a research hotspot in the field of attack signature generation. The essence of an attack signature is a representation for identifying and filtering attack input of the same type. Inspecting and filtering input using attack signatures in various network and host intrusion prevention systems is a common meth...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26, G06F9/44
Inventor: 刘豫, 杨轶, 苏璞睿
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI