计算机科学 ›› 2022, Vol. 49 ›› Issue (12): 118-124.doi: 10.11896/jsjkx.211200029

• 计算机软件 • 上一篇    下一篇

一种基于多粒度特征的软件多样性评估方法

迟宇宁, 郭云飞, 王亚文, 扈红超   

  1. 解放军战略支援部队信息工程大学信息技术研究所 郑州450001
  • 收稿日期:2021-12-02 修回日期:2022-05-16 发布日期:2022-12-14
  • 通讯作者: 王亚文(wyw@ndsc.com.cn)
  • 作者简介:(cyn_091981@163.com)
  • 基金资助:
    国家重点研发计划(2021YFB1006200,2021YFB1006201);国家自然科学基金(62072467)

Software Diversity Evaluation Method Based on Multi-granularity Features

CHI Yu-ning, GUO Yun-fei, WANG Ya-wen, HU Hong-chao   

  1. Institution of Scientific and Technical Information,People’s Liberation Army Strategic Support Force Information Engineering University,Zhengzhou 450001,China
  • Received:2021-12-02 Revised:2022-05-16 Published:2022-12-14
  • About author:CHI Yu-ning,born in 1995,postgra-duate.Her main research interests include software diversification and mi-micry defense.WANG Ya-wen,born in 1991,Ph.D.His main research interests include cloud computing security and scientific workflow security.
  • Supported by:
    National Key Research and Development Program of China(2021YFB1006200,2021YFB1006201) and National Natural Science Foundation of China(62072467).

摘要: 针对现有软件多样性评估方法普遍采用单一特征,无法准确表征软件特性进而导致评估准确度较低的问题,提出了一种基于多粒度特征的软件多样性评估方法。该方法从程序的指令、函数、基本块、二进制文件4个粒度进行分析,首先通过小素数乘积法、动态权重分配等算法获取不同粒度的差异度特征,然后根据差异度分析该粒度的多样性,进而探讨多样化技术的有效性。实验部分采用GNU 核心程序集,对指令替换、控制流平坦、伪控制流、NOP插入等7种软件多样化方法进行了综合评估,分析了不同软件多样化方法对不同粒度的特征带来的差异程度和多样性,验证了评估算法的适用性。实验结果表明,该评估方法能够从纵向和横向两个方向对软件多样化方法的有效性进行准确评估,对后续多样化技术的研究具有参考价值。

关键词: 软件多样化, 多粒度特征, 多样性分析, 小素数乘积法, 量化评估

Abstract: Aiming at the problem that existing software diversity evaluation methods generally adopt single feature,a software diversity evaluation method based on multi-granularity feature is proposed.This method analyzes four granularity of program:instruction,function,basic block and binary file.First,different granularity are obtained by small prime product method and dyna-mic weight distribution algorithm.Then,the granularity is analyzed according to the effectiveness of diversification technology.In the experimental part,GNU coreutils is used to comprehensively evaluate 7 software diversification methods.The result is analyzed to verify the applicability of the evaluation algorithm.Experimental results show that this evaluation method can accurately evaluate the effectiveness of software diversification methods from both vertical and horizontal directions,which has reference value for the research direction of subsequent diversification technology.

Key words: Software diversity, Multi-granularity feature, Diversity analysis, Prime product method, Quantitative evaluation

中图分类号: 

  • TP393
[1]LITCHFIELD D.Buffer Underruns,DEP,ASLR and improving the Exploitation Prevention Mechanisms(XPMs) on the Windows platform[J].Next Generation Security Software,2005.https://www.nccgroup.com/globalassets/our-research/uk/whit-epapers/xpms.pdf.
[2]LIVSHITS V B,LAM M S.Finding Security Vulnerabilities in Java Applications with Static Analysis[C]//USENIX Security Symposium.2005,14:18-18.
[3]YAO D,ZHANG Z,ZHANG G F,et al.A Survey on Multi-Variant Execution Security Defense Technology[J].Journal of Information Security,2020,5(5):77-94.
[4]DULLIEN T,ROLLES R.Graph-based comparison of executable objects(english version)[J].SSTIC,2005,5(1):3.
[5]CRISTIANO G,ANTON K,ANDREW S T.Enhanced opera-ting system security through efficient and fine-grained address space randomization[C]//Proceedings of the 21st USENIX Security Symposium.2012:475-490.
[6]HERNANDEZ-CASTRO J,ROSSMAN J.Measuring soft- ware diversity,with applications to security[EB/OL].[2020-04-13].https://arxiv.org/abs/1310.3307vl.
[7]SHANNON C E.A mathematical theory of communication[J].Bell System Technical Journal,1948,27(3):379-423.
[8]COHEN F B.Operating system protection through programevolution[J].Computers & Security,1993,12(6):565-584.
[9]SEBASTIAN B,CHRISTIAN C,VIJAY G,et al.Code Obfuscation Against Symbolic Execution Attacks[C]//Proceedings of the 32nd Annual Conference on Computer Security Applications(ACSAC ’16).2016:189-200.
[10]SEBASTIAN B,CHRISTIAN C,ALEXANDER P.Predictingthe resilience of obfuscated code against symbolic execution attacks via machine learning[C]//Proceedings of the 26th USENIX Security Symposium.2017:661-678
[11]COFFMAN J,CHAKRAVARTY A,RUSSO J A,et al.Quantifying the Effectiveness of Software Diversity using Near-Duplicate Detection Algorithms[C]//Proceedings of the 5th ACM Workshop on Moving Target Defense.2018:1-10
[12]LIU Z W,SUI R,ZHANG Z,et al.Software Diversity Evaluation Based on Information Entropy and Software Complexity [J].Journal of Information Engineering University,2020,21(2):207-213.
[13]GEARHART A S,HAMILTON P A,COFFMAN J.An Analysis of Automated Software Diversity Using Unstructured Text Analytics[C]//2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops(DSN-W).IEEE,2018.
[14]DULLIEN T,ROLLES R.Graph-based comparison of executable objects(english version)[J/OL].SSTIC,2005.https://www.docin.com/p-1472608287.html.
[15]DONG Q H,WANG Y G.Partition-based binary file similarity comparison method[J].Journal of Computer Applications,2015,35(10):2896-2900.
[16]HOMESCU A,NEISIUS S,LARSEN P,et al.Profile-guidedautomated software diversity[C]//Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization(CGO).IEEE,2013:1-11.
[17]JUNO D P,RINALDINI J,WEHRLI J,et al.Obfuscator-LLVM-Software Protection for the Masses[C]//2015 IEEE/ACM 1st International Workshop on Software Protection(SPRO).ACM,2015:3-9.
[18]LARSEN P,HOMESCU A,BRUNTHALER S,et al.SoK:Automated Software Diversity[C]//2014 IEEE Symposium on Security and Privacy.2014:276-291.
[19]LÁSZLÓ T,KISS Á.Obfuscating C++ programs via control flow flattening[J].Annales Universitatis Scientarum Budapestinensis de Rolando Eötvös Nominatae,Sectio Computatorica,2009,30(1):3-19.
[20]COLLBERG C,THOMBORSON C,LOW D.ManufacturingCheap,Resilient,and Stealthy Opaque Constructs[C]//Procee-dings of the 25th ACM SIGPLAN-SIGACT Symposium on Prin-ciples of Programming Languages.1998:184-196.
[1] 张源, 康乐, 宫朝辉, 张志鸿.
基于Bi-LSTM的期货市场关联交易行为检测方法
Related Transaction Behavior Detection in Futures Market Based on Bi-LSTM
计算机科学, 2022, 49(7): 31-39. https://doi.org/10.11896/jsjkx.210400304
[2] 王栋, 周大可, 黄有达, 杨欣.
基于多尺度多粒度特征的行人重识别
Multi-scale Multi-granularity Feature for Pedestrian Re-identification
计算机科学, 2021, 48(7): 238-244. https://doi.org/10.11896/jsjkx.200600043
[3] 张宇嘉,庞建民,张铮,邬江兴.
基于软件多样化的拟态安全防御策略
Mimic Security Defence Strategy Based on Software Diversity
计算机科学, 2018, 45(2): 215-221. https://doi.org/10.11896/j.issn.1002-137X.2018.02.037
[4] 谢 鑫,刘粉林,芦 斌,巩道福.
基于多层次属性加权的代码混淆有效性量化评估
Quantitative Evaluation for Effectiveness of Code Obfuscation Based on Multi-level Weighted Attributes
计算机科学, 2015, 42(3): 167-173. https://doi.org/10.11896/j.issn.1002-137X.2015.03.035
[5] 汪渊,齐善明,杨槐.
基于数据融合模型的网络安全量化评估系统设计与实现
Construction and Research of Networ(} Security Qualification Evaluation System
计算机科学, 2010, 37(10): 127-129.
[6] 夏阳 陆余良.
计算机主机及网络脆弱性量化评估研究

计算机科学, 2007, 34(10): 74-79.
[7] 夏阳 蒋凡 等.
网络安全量化评估系统的研究与应用

计算机科学, 2003, 30(2): 100-104.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!