Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Password misuse vulnerability detection method and system based on Petri net

A vulnerability detection and password technology, applied in the field of network information security, can solve the problems of analysis, direct conclusions, difficult batch samples, etc., achieve good versatility and scalability, improve detection efficiency, and high recognition rate.

Active Publication Date: 2018-06-05
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF2 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, the two detection methods for password misuse vulnerabilities have problems to a certain extent: 1) For reverse analysis methods, although there are many reverse analysis tools available for analysts, these tools themselves cannot provide information about The direct conclusion of vulnerability detection needs to rely on manual analysis of the reverse results of each target sample and finally draw a conclusion. The correctness of the conclusion depends heavily on the skills and experience of the analyst, and it takes a lot of time and energy. It is difficult to batch sample for analysis
2) For the vulnerability mining method, although the degree of automation is high, it can realize the automatic analysis of batch samples, but because the general method of software vulnerability mining usually seldom considers the unique rules and characteristics of cryptography vulnerabilities, so in the case of password errors Lack of pertinence in the use of vulnerability detection, the effect is often not ideal

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Password misuse vulnerability detection method and system based on Petri net
  • Password misuse vulnerability detection method and system based on Petri net
  • Password misuse vulnerability detection method and system based on Petri net

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0033] In view of the fact that the reverse analysis method in the prior art cannot provide direct conclusions about vulnerability detection, it needs to manually analyze the reverse results of each target sample and finally draw a conclusion. The correctness of the conclusion depends heavily on the skills and experience of the analyst , and it takes a lot of time and energy, it is difficult to analyze batch samples; and in the vulnerability mining method, because the general method of software vulnerability mining usually seldom considers the unique rules and characteristics of cryptography vulnerabilities, so in the case of password misuse vulnerabilities The detection aspect lacks pertinence, and the effect is often...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of network information security, and in particular relates to a password misuse vulnerability detection method and system based on a Petri net. The methodcomprises the following contents: generating a key security vulnerability detection model based on a known key security vulnerability, and establishing a detection rule library for storing vulnerability detection rules; extracting API running information in an encrypted application program; performing taint analysis on a password API sequence to generate a colored Petri net description file; and performing password misuse vulnerability detection by combining the vulnerability detection rules with the colored Petri net description file. According to the password misuse vulnerability detection method and system provided by the invention, on the basis of analysis of a password API function calling method, automatic tracking, monitoring and recording of the runtime information of an API related function can be achieved by means of a dynamic binary pile insertion method, a parameter incidence relation between different password functions is identified based on binary analysis, the detectionefficiency is greatly improved, the pertinence is high, the identification rate is high, and it is of important guiding significance for the network information security technology.

Description

technical field [0001] The invention belongs to the technical field of network information security, in particular to a Petri net-based password misuse vulnerability detection method and system. Background technique [0002] With the development of information security and encryption technology, more and more applications use encryption to protect data security. Although the original design of the cryptographic algorithm usually undergoes professional analysis and testing, and its own security is guaranteed to a certain extent, in the actual application and implementation of the cryptographic algorithm, developers need to choose appropriate parameters, configurations, strategies, and consider Performance optimization, and errors in any link in these implementation steps may destroy the security protection provided by the cryptographic algorithm itself, thereby causing corresponding loopholes. MIT's statistical research on 269 password-related vulnerabilities in the CVE vuln...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/0807H04L63/083H04L63/1433
Inventor 康绯光焱舒辉熊小兵林昊徐旭吴昊杜三
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com