Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Sensitive point approach method based on intelligent path guidance

A path guidance, sensitive point technology, applied in error detection/correction, instrument, software maintenance/management, etc., can solve the problems of increasing the complexity of technical implementation, huge symbolic expressions, complex path conditions, etc., to alleviate the problem of path explosion , the purpose is strong, the effect of reducing the false alarm rate

Inactive Publication Date: 2018-01-12
ZHENGZHOU ENBEI NETWORK TECH CO LTD
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This not only increases the complexity of technical implementation, but also makes the symbolic expressions obtained by symbolic execution often very large and redundant, and the resulting path conditions are often quite complicated or difficult to solve

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Sensitive point approach method based on intelligent path guidance
  • Sensitive point approach method based on intelligent path guidance
  • Sensitive point approach method based on intelligent path guidance

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0041] Example 1, see figure 2 As shown, a sensitive point approach method based on intelligent path guidance includes the following steps:

[0042] Step 1. Mark sensitive points, extract different types of vulnerability models, identify suspicious vulnerability locations through static analysis, and mark them as sensitive points;

[0043] Step 2. Take the sensitive point as the starting point, use the path backtracking algorithm to backtrack up, find all path branch points, find the jump instruction address, until backtracking to the path branch point closest to the program entry point, put all path branch points into the available Arrival path set T=(t 1 ,t 2 ...t m );

[0044] Step 3. Perform instruction-level instrumentation on the program under test, input the initial sample, and record the binary instruction sequence related to the stain;

[0045] Step 4. Upgrade the binary instruction sequence to an intermediate language description;

[0046] Step 5. Obtain the path branch poin...

Embodiment 2

[0048] Example two, see Figure 2~3 As shown, a sensitive point approximation method based on intelligent path guidance is used to intelligently guide the path through the following steps, and finally reach the buffer overflow sensitive point, as follows:

[0049] Step 1. Mark sensitive points, extract different types of vulnerability models, identify suspicious vulnerability locations through static analysis, and mark them as sensitive points;

[0050] Step 2. Take the sensitive point as the starting point, use the path backtracking algorithm to backtrack up, find all path branch points, find the jump instruction address, until backtracking to the path branch point closest to the program entry point, put all path branch points into the available Arrival path set T=(t 1 ,t 2 ...t m ), specifically including the following:

[0051] Step 2.1. Mark the position of the sensitive point as A, establish queues L1 and L2, and initialize them to empty;

[0052] Step 2.2. Get A's cross-referen...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a sensitive point approximation method based on intelligent route guidance. The method comprises the steps that vulnerability models of different types are extracted, and the position of a sensitive point is recognized through static analysis; upward backtracking is performed by taking the sensitive point as a starting point and adopting a route backtracking algorithm to look up all route branch points and is performed until the route branch point which is nearest away from a program entry point is found; instruction level instrumentation is performed on a tested program, an original sample is input, and a binary instruction sequence related to dirty points is recorded; the binary instruction sequence is lifted into intermediate language description; route branch points of the intermediate language description are acquired and turned according to whether the branch points are located in a set, and control flow is guided to reach the sensitive point; a constraint normal form is extracted from turned intermediate language description, solving is performed with an STP constraint solver, a new sample is generated, and returning is performed to re-input the sample. According to the method, the control flow is guided to reach the sensitive point position through the sensitive point, the problem of route explosion is effectively solved, and the vulnerability mining efficiency is improved.

Description

Technical field [0001] The invention relates to the technical field of vulnerability mining and information security, and particularly relates to a method for approaching sensitive points based on intelligent path guidance. Background technique [0002] Dynamic data flow analysis is an effective means of researching and discovering software vulnerabilities, and the use of dynamic taint analysis technology is the most prominent. Dynamic taint analysis starts from the nature of software security vulnerability exploitation, marks external input as tainted data, tracks the spread of tainted data in memory, and detects whether the program uses tainted data illegally, such as overwriting the return address in the stack as the value of EIP, etc. . Dynamic stain analysis technology is widely used in software regression testing, software vulnerability analysis, network penetration attack detection analysis and other fields. Because it captures the essence of software security vulnerabil...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36G06F9/44
CPCG06F8/70G06F11/3688
Inventor 宋建杨刘高坡周泽斌徐晶晶
Owner ZHENGZHOU ENBEI NETWORK TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com