Hidden Markov model based method for detecting assembler instruction level vulnerability

A technology of hidden Markov and assembly instructions, applied in the field of information security

Inactive Publication Date: 2010-12-22
中国航天科技集团公司第七一0研究所 +1
View PDF3 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In this way, from the perspective of the observer, only the observation value can be seen, unlike the one-to-one correspondence between the observation value and the state in the Markov chain model

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Hidden Markov model based method for detecting assembler instruction level vulnerability
  • Hidden Markov model based method for detecting assembler instruction level vulnerability
  • Hidden Markov model based method for detecting assembler instruction level vulnerability

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0093] The technical solutions of the present invention will be described in detail below in conjunction with specific embodiments.

[0094] In this embodiment, the method of the present invention is used to perform vulnerability detection on 30 executable programs whose size is between 50KB and 100KB. Proceed as follows:

[0095] Step 1. Use 30 executable programs with a size of about 10KB to construct a vulnerability instruction library. The vulnerability instruction library contains 3 vulnerabilities, specifically:

[0096] Step 1.1: Disassemble 10 executable programs containing a software vulnerability using a static disassembly analysis tool to obtain a function structure diagram of all functions in the executable program; each function structure diagram is called an assembly instruction fragment.

[0097] Each function graph corresponds to a function, and each function graph includes but not limited to the following information: function name, function parameters, return ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a hidden Markov model based method for detecting assembler instruction level vulnerabilities, belonging to the technical field of information security. The method comprises the following steps of: (1) constructing a vulnerability instruction library (VIL); (2) respectively selecting a plurality of executable programs with the vulnerability as training data of the vulnerability for each vulnerability in the vulnerability instruction library by aiming at all the vulnerabilities in the vulnerability instruction library constructed in the step (1); (3) obtaining assembler instruction segments of the training data of each vulnerability in the vulnerability instruction library; (4) obtaining a numerical code sequence of the training data; (5) sequentially obtaining a parameter lambda r=(Ar, Br, pi r) of the corresponding hidden Markov model of each vulnerability in the vulnerability instruction library; and (6) recognizing the vulnerability of an executable program to be detected. Compared with the prior art, the hidden Markov model based method for detecting the assembler instruction level vulnerability has the following advantages of establishing a model for the assembler instruction with context correlation and recognizing vulnerability characteristics by using the HMM (Hidden Markov Model) for the first time, increasing vulnerability detection efficiency and reducing error report rate and missing report rate.

Description

technical field [0001] The invention relates to a method for detecting a leak at the assembly instruction level, in particular to a method for detecting the leak at the assembly instruction level based on a hidden Markov model, and belongs to the technical field of information security. Background technique [0002] With the rapid development of computer technology, the degree of informatization of human society is getting higher and higher, and the political, economic, military, cultural and other fields of the whole society rely more and more on computer information systems. In this case, the security of computer system has been paid more and more attention by people. However, the writing of large-scale software and systems requires many programmers to work together. They divide a software or system into several sections, divide the work into writing, then summarize and test; finally patch and release, so there are almost no security holes in the software. It is inevitabl...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F21/50
Inventor 王崑声李宁胡昌振白昊
Owner 中国航天科技集团公司第七一0研究所
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap