
Deserialization vulnerability detection method and device

A deserialization vulnerability detection technology, applied in the field of information security, that addresses problems such as the consumption of large amounts of computing resources, lack of versatility, and the inability to perform active learning and detection.

Active Publication Date: 2020-11-13
INDUSTRIAL AND COMMERCIAL BANK OF CHINA

AI Technical Summary

Problems solved by technology

In the prior art, deserialization vulnerability detection methods have the following three deficiencies. First, the detection method mainly uses already-discovered call chains to perform verification on all related applications in sequence; once many applications are involved, executing the verification inevitably consumes a large amount of computing resources, resulting in lower detection efficiency. Second, most existing methods and tools for detecting deserialization vulnerabilities are aimed at a certain type of application framework, so they are not universal and cannot be applied to other application frameworks. Third, most existing methods for detecting deserialization vulnerabilities are performed manually using published call chains, and cannot perform active learning and detection.



Embodiment Construction

[0054] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments of the present invention are described in further detail below in conjunction with the accompanying drawings. Here, the exemplary embodiments and descriptions of the present invention are used to explain the present invention, not to limit it. It should be noted that, where no conflict arises, the embodiments in the present application and the features in the embodiments can be combined with each other arbitrarily.

[0055] Figure 1 is a schematic structural diagram of a deserialization vulnerability detection system provided by an embodiment of the present invention. As shown in Figure 1, the deserialization vulnerability detection system provided by the embodiment of the present invention includes a vulnerability detection terminal 1, a vulnerability detection edge node 2 and a vulnerability dete...


Abstract

The invention provides a deserialization vulnerability detection method and device, and relates to the technical field of information security. The method comprises the following steps: receiving a deserialization vulnerability detection request sent by a vulnerability detection terminal; if it is judged that the application program corresponding to the application identifier and the version number has not been detected, preprocessing the program data to obtain directed graph data corresponding to the program data; uploading the directed graph data corresponding to the program data to a vulnerability detection cloud, so that the vulnerability detection cloud obtains a deserialization vulnerability detection strategy based on the directed graph data corresponding to the program data and the deserialization vulnerability model; receiving the deserialization vulnerability detection strategy issued by the vulnerability detection cloud, and generating a detection script; running the detection script to obtain a detection result; and returning the detection result to the vulnerability detection terminal. The device is used for executing the method. According to the deserialization vulnerability detection method and device provided by the embodiment of the invention, the detection efficiency for deserialization vulnerabilities is improved.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a deserialization vulnerability detection method and device.

Background

[0002] With the development of high-level languages and the maturing of development technology, many enterprises develop diversified applications based on the Java programming language or on frameworks implemented in that language. In the application development process, serialization and deserialization technologies are widely used to solve the problems of data persistence and object transfer between processes.

[0003] At present, with the widespread use of serialization and deserialization technology, criminals have in recent years exploited vulnerabilities in deserialization technology to perform malicious acts, steal user data, and damage computer systems. Therefore, how to detect deserialization vulnerabilities and improve security is a problem that every enterprise...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57, G06N3/08
CPC: G06F21/577, G06N3/08, G06F2221/033
Inventor: 樊旭东, 蒋家堂, 卓越, 李帅宇
Owner INDUSTRIAL AND COMMERCIAL BANK OF CHINA