Computer Science

Computer Science ›› 2024, Vol. 51 ›› Issue (6): 85-94.doi: 10.11896/jsjkx.221100194

• Computer Software • Previous Articles     Next Articles

Software Diversity Composition Based on Multi-objective Optimization Algorithm NSGA-II

XIE Genlin, CHENG Guozhen, LIANG Hao, WANG Qingfeng   

  1. People’s Liberation Army Strategic Support Force Information Engineering University,Zhengzhou 450001,China
  • Received:2022-11-23 Revised:2023-03-22 Online:2024-06-15 Published:2024-06-05
  • About author:XIE Genlin,born in 1999,postgraduate.His main research interests include cyber security and software diversity.
    CHENG Guozhen,born in 1986,assistant professor.His main research intere-sts include cyber security and software diversity.
  • Supported by:
    National Key R & D Program of China(2021YFB1006200,2021YFB1006201) and National Natural Science Foundation of China(62072467,62002383).

PDF (PC)

567

Abstract: Software diversity is widely used in scenarios such as software development because it effectively improves system resilience and the cost of malicious binary analysis.How to collaboratively deploy the existing diversity techniques to obtain higher security gains while ensuring lower performance overhead is one key issue of software diversity research.The search algorithm of the existing software diversity composition methods is inefficient,the search space is small,and the security evaluation metric is not comprehensive,so it is difficult to comprehensively reflect the impact of software diversity on various attacks.To solve these problems,a software diversity composition method based on multi-objective optimization algorithm is proposed.The software diversity composition problem is constructed as a multi-objective optimization model that comprehensively considers TLSH simila-rity,gadget quality and CPU clock cycles.A solution algorithm based on NSGA-II including chromosome encoding,adaptive crossover and mutation operators,and validation algorithm for composition scheme is designed for the model.Experimental results show that the proposed method can effectively generate software diversity composition with high security gain and low performance overhead.

Key words: Software diversity, Multi-objective optimization, NSGA-II algorithm, Diversity technique composition, Quantitative evaluation

CLC Number: 

  • TP309
[1]BIRMAN K P,SCHNEIDER F B.The monoculture risk put into context[J].IEEE Security & Privacy,2009,7(1):14-17.
[2]SHACHAM H.The geometry of innocent flesh on the bone:Return-into-libc without function calls(on the x86)[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.2007:552-561.
[3]BRUMLEY D,POOSANKAM P,SONG D,et al.Automatic patch-based exploit generation is possible:Techniques and implications[C]//2008 IEEE Symposium on Security and Privacy(sp 2008).IEEE,2008:143-157.
[4] LARSEN P,HOMESCU A,BRUNTHALER S,et al.SoK:Automated software diversity[C]//2014 IEEE Symposium on Security and Privacy.2014:276-291.
[5]COPPENS B,DE SUTTER B,MAEBE J.Feedback-driven binary code diversification[J].ACM Transactions on Architecture and Code Optimization(TACO),2013,9(4):1-26.
[6]WANG S,WANG P,WU D.Composite software diversification[C]//2017 IEEE International Conference on Software Maintenance and Evolution(ICSME).IEEE,2017:284-294.
[7]LIU H,SUN C,SU Z,et al.Stochastic optimization of program obfuscation[C]//2017 IEEE/ACM 39th International Confe-rence on Software Engineering(ICSE).IEEE,2017:221-231.
[8]MARTINEZ S.Source code obfuscation by mean of evolutionary algorithms[J/OL].https://www.researchgate.net/profile/Sebastien-Martinez/publication/265661516_source_code_obfuscation_by_mean_of_evolutionary_algorithms/links/594f89a3aca27248ae438170/source-code-obfuscation-by-mean-of-evolutionary-algorithms.pdf.
[9]BERTHOLON B,VARRETTE S,BOUVRY P.Jshadobf:Ajavascript obfuscator based on multi-objective optimization algorithms[C]//International Conference on Network and System Security.Berlin,Heidelberg:Springer,2013:336-349.
[10]SU Q,LIN H,XIE G B,et al.A Research on Multi-object Code Obfuscation Model Based on NSGA-II[J].Industrial Enginee-ring Journal,2019,22(5):10-18.
[11]WANG H,WANG S,XU D,et al.Generating effective software obfuscation sequences with reinforcement learning[J].IEEE Transactions on Dependable and Secure Computing,2020,19(3):1900-1917.
[12]MA Y,LI Y,ZHANG Z,et al.A Classic Multi-method Collaborative Obfuscation Strategy[C]//International Conference on Data Mining and Big Data.Singapore:Springer,2021:90-97.
[13]REYES D,ACOSTA J C,DE LA TORRE A E,et al.A System for Analyzing Diversified Software Binaries[C]//2019 IEEE Military Communications Conference(MILCOM 2019).IEEE,2019:1-6.
[14]HOMESCU A,NEISIUS S,LARSEN P,et al.Profile-guidedautomated software diversity[C]//Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization(CGO).2013:1-11.
[15]OLIVER J,CHENG C,CHEN Y.TLSH-a locality sensitivehash[C]//2013 Fourth Cybercrime and Trustworthy Computing Workshop.IEEE,2013:7-13.
[16]COFFMAN J,CHAKRAVARTY A,RUSSO J A,et al.Quantifying the effectiveness of software diversity using near-duplicate detection algorithms[C]//Proceedings of the 5th ACM Workshop on Moving Target Defense.2018:1-10.
[17]CARLINI N,WAGNER D.ROP is still dangerous:Breakingmodern defenses[C]//23rd USENIX Security Symposium(USENIX Security 14).2014:385-399.
[18]CHECKOWAY S,SHACHAM H.Escape from return-oriented programming:Return-oriented programming without returns(on the x86)[M].San Diego:University of California,2010.
[19]SNOW K Z,MONROSE F,DAVI L,et al.Just-in-time code reuse:On the effectiveness of fine-grained address space layout randomization[C]//2013 IEEE Symposium on Security and Privacy.2013:574-588.
[20]FOLLNER A,BARTEL A,BODDEN E.Analyzing the gadgets[C]//International Symposium on Engineering Secure Software and Systems.2016:155-172.
[21]YEH C T.An improved NSGA2 to solve a bi-objective optimi-zation problem of multi-state electronic transaction network[J].Reliability Engineering & System Safety,2019,191:106578.
[22]JANG J W,VERBEEK F,RAVINDRAN B.Verification ofFunctional Correctness of Code Diversification Techniques[C]//NASA Formal Methods Symposium.Cham:Springer,2021:160-179.
[23]WANG S,WANG P,WU D.Reassembleable disassembling[C]//24th USENIX Security Symposium(USENIX Security 15).2015:627-642.
[24]JUNOD P,RINALDINI J,WEHRLI J,et al.Obfuscator-LLVM-software protection for the masses[C]//2015 IEEE/ACM 1st International Workshop on Software Protection.2015:3-9.
[25]CRANE S,LIEBCHEN C,HOMESCU A,et al.Readactor:Practical code randomization resilient to memory disclosure[C]//2015 IEEE Symposium on Security and Privacy.2015:763-780.
[1] ZHU Wei, YANG Shibo, TENG Fan, HE Defeng. Study on Unmanned Vehicle Trajectory Planning in Unstructured Scenarios [J]. Computer Science, 2024, 51(4): 334-343.
[2] WANG Zhihong, WANG Gaocai, ZHAO Qifei. Multi-objective Optimization of D2D Collaborative MEC Based on Improved NSGA-III [J]. Computer Science, 2024, 51(3): 280-288.
[3] GENG Huantong, SONG Feifei, ZHOU Zhengli, XU Xiaohan. Improved NSGA-III Based on Kriging Model for Expensive Many-objective Optimization Problems [J]. Computer Science, 2023, 50(7): 194-206.
[4] ZHONG Jialin, WU Yahui, DENG Su, ZHOU Haohao, MA Wubin. Multi-objective Federated Learning Evolutionary Algorithm Based on Improved NSGA-III [J]. Computer Science, 2023, 50(4): 333-342.
[5] LI Jinliang, LIN Bing, CHEN Xing. Reliability Constraint-oriented Workflow Scheduling Strategy in Cloud Environment [J]. Computer Science, 2023, 50(10): 291-298.
[6] SUN Gang, WU Jiang-jiang, CHEN Hao, LI Jun, XU Shi-yuan. Hidden Preference-based Multi-objective Evolutionary Algorithm Based on Chebyshev Distance [J]. Computer Science, 2022, 49(6): 297-304.
[7] LI Hao-dong, HU Jie, FAN Qin-qin. Multimodal Multi-objective Optimization Based on Parallel Zoning Search and Its Application [J]. Computer Science, 2022, 49(5): 212-220.
[8] PENG Dong-yang, WANG Rui, HU Gu-yu, ZU Jia-chen, WANG Tian-feng. Fair Joint Optimization of QoE and Energy Efficiency in Caching Strategy for Videos [J]. Computer Science, 2022, 49(4): 312-320.
[9] CHI Yu-ning, GUO Yun-fei, WANG Ya-wen, HU Hong-chao. Software Diversity Evaluation Method Based on Multi-granularity Features [J]. Computer Science, 2022, 49(12): 118-124.
[10] LIU Fang-zheng, MA Bo-wen, LYU Bo-feng, HUANG Ji-wei. UAV Base Station Deployment Method for Mobile Edge Computing [J]. Computer Science, 2022, 49(11A): 220200089-7.
[11] GUO Ya-lin, LI Xiao-chen, REN Zhi-lei, JIANG He. Study on Effectiveness of Quality Objectives and Non-quality Objectives for Automated Software Refactoring [J]. Computer Science, 2022, 49(11): 55-64.
[12] GUAN Zheng, DENG Yang-lin, NIE Ren-can. Non-negative Matrix Factorization Based on Spectral Reconstruction Constraint for Hyperspectral and Panchromatic Image Fusion [J]. Computer Science, 2021, 48(9): 153-159.
[13] WANG Ke, QU Hua, ZHAO Ji-hong. Multi-objective Optimization Method Based on Reinforcement Learning in Multi-domain SFC Deployment [J]. Computer Science, 2021, 48(12): 324-330.
[14] CUI Guo-nan, WANG Li-song, KANG Jie-xiang, GAO Zhong-jie, WANG Hui, YIN Wei. Fuzzy Clustering Validity Index Combined with Multi-objective Optimization Algorithm and Its Application [J]. Computer Science, 2021, 48(10): 197-203.
[15] ZHU Han-qing, MA Wu-bin, ZHOU Hao-hao, WU Ya-hui, HUANG Hong-bin. Microservices User Requests Allocation Strategy Based on Improved Multi-objective Evolutionary Algorithms [J]. Computer Science, 2021, 48(10): 343-350.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.