Computer Science ›› 2024, Vol. 51 ›› Issue (6): 85-94. doi: 10.11896/jsjkx.221100194

• Computer Software •

Software Diversity Composition Based on Multi-objective Optimization Algorithm NSGA-II

XIE Genlin, CHENG Guozhen, LIANG Hao, WANG Qingfeng

  1. People’s Liberation Army Strategic Support Force Information Engineering University, Zhengzhou 450001, China
  • Received: 2022-11-23 Revised: 2023-03-22 Online: 2024-06-15 Published: 2024-06-05
  • Corresponding author: CHENG Guozhen (guozhencheng@hotmail.com)
  • About author: XIE Genlin (xie_genlin@163.com), born in 1999, postgraduate. His main research interests include cyber security and software diversity.
    CHENG Guozhen, born in 1986, assistant professor. His main research interests include cyber security and software diversity.
  • Supported by:
    National Key R&D Program of China (2021YFB1006200, 2021YFB1006201) and National Natural Science Foundation of China (62072467, 62002383).

Abstract: Software diversity is widely used in scenarios such as software development because it effectively improves system resilience and increases the cost of malicious binary analysis. How to deploy existing diversity techniques in combination to obtain higher security gains while keeping performance overhead low is one of the key issues in software diversity research. Existing software diversity composition methods suffer from inefficient search algorithms, small search spaces, and incomplete security evaluation metrics, which makes it difficult to comprehensively reflect the impact of software diversity on various attacks. To solve these problems, a software diversity composition method based on a multi-objective optimization algorithm is proposed. The software diversity composition problem is constructed as a multi-objective optimization model that comprehensively considers TLSH similarity, gadget quality score and CPU clock cycles. An NSGA-II-based solution algorithm is designed for the model, including chromosome encoding, adaptive crossover and mutation operators, and a validation algorithm for composition schemes. Finally, experiments on the GNU core utilities dataset show that the proposed method can effectively generate software diversity compositions with high security gain and low performance overhead.

Key words: Software diversity, Multi-objective optimization, NSGA-II algorithm, Diversity technique composition, Quantitative evaluation

CLC Number:

  • TP309