Computer Science ›› 2022, Vol. 49 ›› Issue (12): 118-124. doi: 10.11896/jsjkx.211200029
迟宇宁, 郭云飞, 王亚文, 扈红超
CHI Yu-ning, GUO Yun-fei, WANG Ya-wen, HU Hong-chao
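Abstract: Existing software diversity evaluation methods generally rely on a single feature, which cannot accurately characterize the software and therefore leads to low evaluation accuracy. To address this problem, a software diversity evaluation method based on multi-granularity features is proposed. The method analyzes a program at four granularities: instruction, function, basic block, and binary file. It first obtains the difference features at each granularity using algorithms such as the small primes product method and dynamic weight allocation, then analyzes the diversity at that granularity from the degree of difference, and on that basis discusses the effectiveness of the diversification techniques. The experiments use the GNU core utilities to comprehensively evaluate seven software diversification methods, including instruction substitution, control flow flattening, bogus control flow, and NOP insertion, analyze the degree of difference and the diversity that each method introduces into the features at each granularity, and verify the applicability of the evaluation algorithm. The experimental results show that the method can accurately evaluate the effectiveness of software diversification methods in both the vertical and horizontal directions, and that it has reference value for subsequent research on diversification techniques.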