Software vulnerability detection method based on short system call sequences

A detection method for software vulnerabilities, applied in the field of information security, that addresses problems such as the inability to detect unknown vulnerabilities and achieves the effect of enhancing detection capabilities.

Active Publication Date: 2015-07-08
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

The above methods have high detection accuracy for different malicious attacks, but they are unable to detect unknown vulnerabilities.



Embodiment Construction

[0029] Examples are given below to describe the present invention in detail.

[0030] The basic idea of the present invention is: run the target program in a safe environment, monitor its system call sequence and stack information, "segment" the system call sequence into short sequences according to the STIDE algorithm, and establish a normal behavior feature library. Then expose the target program to attack, use the same algorithm to obtain short sequences for pattern matching, and calculate the Hamming distance and the system call deviation value to determine whether the behavior deviates. When the behavior deviates beyond the threshold, a vulnerability is detected, and the vulnerability is located according to the stack information of the current system call.

[0031] The method steps are as follows:

[0032] The first step is to establish the function call chain CS of the system under test. CS is used to record the function name corresponding to the return address in...


Abstract

The invention discloses a software vulnerability detection method based on short system call sequences. The method is used for detecting and locating software vulnerabilities. The method comprises the steps of: building the function call chain CS of the system under test, storing the function call chain CS in a function stack table, and denoting the index of the function call chain as CSV; acquiring a system call sequence under normal behavior, and taking the sequence from each invoke node i through the n-1 nodes after it as a normal short sequence; acquiring unknown short sequences under unknown behavior in the same way; adding together the call deviation values of corresponding elements of each unknown short sequence and the corresponding normal short sequence to obtain the sequence deviation, and obtaining the minimal sequence deviation value; taking the number of unmatched elements as the Hamming distance, and finding the minimal Hamming distance; when the largest value of the minimal Hamming distance and the largest value of the minimal sequence deviation both exceed a certain threshold value, finding out the invoke node with the largest call deviation value in the unknown short sequence which does not exceed a threshold value most recently, and finding the vulnerability position according to the CSV value. By adopting the method, detection efficiency is improved.
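The short-sequence matching described in paragraph [0030] and in the abstract can be sketched as follows. This is an added example, not code from the patent: the trace layout, the sample traces, the window length n = 3 and the threshold of 1 are assumptions, and the call deviation value is left out because its definition is not in the text shown here, so only the Hamming-distance test is implemented.

```python
from typing import List, Set, Tuple

Call = Tuple[str, int]  # (system call name, CSV index of its call chain); layout is an assumption

def short_sequences(names: List[str], n: int) -> List[Tuple[str, ...]]:
    """Sliding windows: each call node i together with the n-1 nodes after it."""
    return [tuple(names[i:i + n]) for i in range(len(names) - n + 1)]

def build_profile(normal_traces: List[List[Call]], n: int) -> Set[Tuple[str, ...]]:
    """Normal-behaviour library: every short sequence seen in clean runs."""
    profile = set()
    for trace in normal_traces:
        profile.update(short_sequences([name for name, _ in trace], n))
    return profile

def hamming(a, b) -> int:
    """Number of positions at which two equal-length sequences differ."""
    return sum(x != y for x, y in zip(a, b))

def detect(trace: List[Call], profile, n: int, threshold: int) -> dict:
    """Flag the trace when the largest minimal Hamming distance exceeds threshold."""
    if not profile:
        raise ValueError("empty normal profile")
    worst = {"distance": 0, "window": None, "suspect_csv": [], "flagged": False}
    names = [name for name, _ in trace]
    for i, seq in enumerate(short_sequences(names, n)):
        nearest = min(profile, key=lambda s: hamming(seq, s))
        d = hamming(seq, nearest)
        if d > worst["distance"]:
            # CSV indices of the calls that differ from the nearest normal sequence
            csv = [trace[i + k][1] for k in range(n) if seq[k] != nearest[k]]
            worst.update(distance=d, window=i, suspect_csv=csv)
    worst["flagged"] = worst["distance"] > threshold
    return worst

# Constructed traces (not from the patent): a file-copy routine, then a run that diverges.
NORMAL = [
    [("open", 1), ("read", 2), ("read", 2), ("write", 3), ("close", 4)],
    [("open", 1), ("read", 2), ("write", 3), ("write", 3), ("close", 4)],
]
UNKNOWN = [("open", 1), ("read", 2), ("mprotect", 7), ("execve", 7), ("close", 4)]

if __name__ == "__main__":
    profile = build_profile(NORMAL, n=3)
    print(detect(UNKNOWN, profile, n=3, threshold=1))
```

The `suspect_csv` values stand in for the CSV lookup into the function stack table: they identify which recorded call chains issued the calls that do not match any normal short sequence.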

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a software vulnerability detection method based on a system call short sequence.

Background technique

[0002] Software vulnerabilities are a group of weaknesses or defects existing in a software system, which are exploited by malicious subjects (attackers or attack programs) to access unauthorized information or damage the system. Due to the complexity of its functions and behaviors, software inevitably has some loopholes, which bring great hidden dangers to the entire software system.

[0003] Traditional vulnerability detection technologies mostly use static detection technologies such as lexical analysis, rule checking, and type derivation to analyze source code structure, jump conditions, boundary values, etc., and find suspicious factors. However, because there is no general vulnerability description rule, the static detection technology cannot pro...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
Inventor: 胡昌振薛静锋陈琳陈诗单纯
Owner: BEIJING INSTITUTE OF TECHNOLOGY