基于符号执行的Python攻击脚本分析平台

doi:10.3969/j.issn.1000-3428.2016.11.023

计算机工程

基于符号执行的Python攻击脚本分析平台

邱洋,王轶骏,薛质

(上海交通大学信息安全工程学院,上海 200240)

收稿日期:2015-10-15 出版日期:2016-11-15 发布日期:2016-11-15
作者简介:邱洋(1991—),女,硕士研究生,主研方向为网络安全;王轶骏,讲师、博士;薛质,教授、博士生导师。
基金资助:
中国信息安全评测中心科研项目(CNITSEC-KY-2013-009/2)。

Python Attack Script Analysis Platform Based on Symbolic Execution

QIU Yang,WANG Yijun,XUE Zhi

(College of Information Security,Shanghai Jiaotong University,Shanghai 200240,China)

Received:2015-10-15 Online:2016-11-15 Published:2016-11-15

摘要/Abstract

摘要：

传统的静态分析方法大多不能准确处理脚本与网络交互的过程,且会引入不可达路径,动态分析则需要搭建实验环境和手工分析。针对上述问题,提出一种基于符号执行的Python攻击脚本分析平台PyExZ3+。通过对Python脚本的动态符号执行及路径探索,可以获得触发攻击的输入流量及相应的输出攻击载荷,以此实现对Python攻击脚本的自动化分析。采用循环识别及运行时解析等优化策略,使程序更快进入目标代码。实验结果表明,PyExZ3+相比CHEF,PyExZ3等符号执行工具,具有更高的路径覆盖率和执行效率,同时PyExZ3+能够对目标脚本程序进行动态检测,实现高效、可行的自动化分析。

关键词: 符号执行, Python语言, 动态分析;测试数据生成;攻击脚本;路径探索

Abstract: The traditional static analysis method cannot handle the interaction between the script and the network,and it introduces inaccessible path.The dynamic analysis needs to set up the experimental environment and needs manual analysis.To solve these problems,this paper proposes a Python attack script analysis platform called PyExZ3+ based on symbolic execution.Through the dynamic symbol execution and path exploration of Python script,it can get the input traffic and the corresponding output attack payload,which can realize the automatic analysis of Python attack script.PyExZ3+ uses loop identification and run time solver optimization strategy to improve the path coverage and the efficiency of symbolic execution.Experimental results show that PyExZ3+ has a higher path coverage and execution efficiency compared with the existing symbolic execution tools,such as CHEF and PyExZ3.Besides,PyExZ3+ can dynamically detect the target script’s payload and perform feasible automated analysis efficiently.

Key words: symbolic execution, Python language, dynamic analysis, test data generation, attack script, path exploration

中图分类号:

TP309

邱洋,王轶骏,薛质. 基于符号执行的Python攻击脚本分析平台[J]. 计算机工程, doi: 10.3969/j.issn.1000-3428.2016.11.023.

QIU Yang,WANG Yijun,XUE Zhi. Python Attack Script Analysis Platform Based on Symbolic Execution[J]. Computer Engineering, doi: 10.3969/j.issn.1000-3428.2016.11.023.

http://www.ecice06.com/CN/Y2016/V42/I11/139

参考文献

参考文献［1］李舟军,张俊贤,廖湘科,等.软件安全漏洞检测技术［J］.计算机学报,2015,38(4):717-732. ［2］Saxena P,Akhawe D,Hanna S,et al.A Symbolic Execution Framework for Javascript［C］//Proceedings of 2010 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2010:513-528. ［3］Artzi S,Kiezun A,Dolby J,et al.Finding Bugs in Dynamic Web Applications［C］//Proceedings of 2008 International Symposium on Software Testing and Analysis.New York,USA:ACM Press,2008:261-272. ［4］Wang Ruowen,Ning Peng,Xie Tao,et al.Meta Symploit:Day-one Defense Against Script-based Attacks with Security-enhanced Symbolic Analysis［C］//Proceedings of USENIX Conference on Security.Washington D.C.,USA:IEEE Press,2013:65-80. ［5］Metasploit L L C.The Metasploit Framework［EB/OL］. (2007-10-21).http://www.metasploit.com/. ［6］Song D,Brumley D,Yin H,et al.BitBlaze:A New Approach to Computer Security via Binary Analysis［C］//Proceedings of the 4th International Conference on Information Systems Security.Berlin,Germany:Springer,2008:1-25. ［7］Chipounov V,Kuznetsov V,Candea G.S2E:A Platform for In-vivo Multi-path Analysis of Software Systems［M］.New York,USA:ACM Press,2012. ［8］Cadar C,Dunbar D,Engler D R.KLEE:Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs［C］//Proceedings of OSDI’08.Washington D.C.,USA:IEEE Press,2008:209-224. ［9］Thomas B,Daniel J.Deconstructing Dynamic Symbolic Execution［C］//Proceedings of Marktoberdorf Summer School on Dependable Software Systems Engineering.Washington D.C.,USA:IEEE Press,2014:202-210. ［10］Bucur S,Kinder J,Candea G.Prototyping Symbolic Execution Engines for Interpreted Languages［J］.ACM SIGARCH Computer Architecture News,2014,42(1):239-254. ［11］de Moura L,Bjrner N.Z3:An Efficient SMT Solver［C］//Proceedings of Conference on Tools and Algorithms for the Construction and Analysis of Systems.Berlin,Germany:Springer,2008:337-340. ［12］Godefroid P,Klarlund N,Sen K.DART:Directed Automated Random Testing［J］.ACM SIGPLAN Notices,2005,40(6):213-223. ［13］Godefroid P,Luchaup D.Automatic Partial Loop Summari-zation in Dynamic Test Generation［C］//Proceedings of 2011 International Symposium on Software Testing and Analysis.New York,USA:ACM Press,2011:23-33. ［14］刘春宏,徐立华,颜婷,等.基于混合测试和动态分析的分段代码测试［J］.计算机工程,2015,41(2):63-69. 编辑索书志

[1]	张利群, 潘祖烈, 黄晖, 王瑞鹏, 李阳. 基于符号执行的Tcache Poisoning堆漏洞自动验证方法研究[J]. 计算机工程, 2023, 49(6): 24-33.
[2]	戴渭, 陆余良, 朱凯龙. 结合混合符号执行的导向式灰盒模糊测试技术[J]. 计算机工程, 2020, 46(8): 190-196.
[3]	张超, 潘祖烈, 樊靖. 基于符号执行的堆溢出fastbin攻击检测方法[J]. 计算机工程, 2020, 46(10): 151-158.
[4]	陈政,方勇,刘亮,左政. 基于动态符号执行的勒索软件检测方法[J]. 计算机工程, 2018, 44(6): 104-110.
[5]	刘杰, 王嘉捷, 欧阳永基, 王清贤. 基于污点指针的二进制代码缺陷检测[J]. 计算机工程, 2012, 38(24): 46-49.
[6]	刘杰, 曹琰, 魏强, 彭建山. 符号执行中的循环依赖分析方法[J]. 计算机工程, 2012, 38(22): 24-27.
[7]	李爱宁, 唐勇, 孙晓晖. 多级Agent系统安全体系设计与实现[J]. 计算机工程, 2012, 38(11): 126-129.
[8]	娄坚波, 刘久富, 李金奎, 王伟. 基于条件值的C/C++预处理测试算法[J]. 计算机工程, 2011, 37(14): 68-69.
[9]	林锦滨;蒋凡. 执行路径建模进程化代码分析[J]. 计算机工程, 2010, 36(9): 68-69,7.
[10]	吴鑫;宫亮;杨煜普. OPC跨平台通信的实现方法[J]. 计算机工程, 2009, 35(13): 240-242.
[11]	吴芳;赵知劲;叶学义. 基于智能体的动态网络监测[J]. 计算机工程, 2009, 35(13): 75-77.

选择文件类型/文献管理软件名称

选择包含的内容

基于符号执行的Python攻击脚本分析平台

Python Attack Script Analysis Platform Based on Symbolic Execution

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 11

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于符号执行的Python攻击脚本分析平台

Python Attack Script Analysis Platform Based on Symbolic Execution

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 11

编辑推荐

Metrics

本文评价