基于符号表达式的未知协议格式分析及漏洞挖掘

doi:10.7523/j.issn.1002-1175.2013.02.021

中国科学院大学学报 ›› 2013, Vol. 30 ›› Issue (2): 278-284.DOI: 10.7523/j.issn.1002-1175.2013.02.021

基于符号表达式的未知协议格式分析及漏洞挖掘

罗成, 张玉清, 王龙, 刘奇旭

中国科学院研究生院国家计算机网络入侵防范中心, 北京 100049

收稿日期:2011-12-01 修回日期:2012-04-13 发布日期:2013-03-15
通讯作者: 罗成
基金资助:
国家自然科学基金(61272481)和中国博士后科学基金(2011M500416,2012T50152)资助

Automatic network protocol analysis and vulnerability discovery based on symbolic expression

LUO Cheng, ZHANG Yu-Qing, WANG Long, LIU Qi-Xu

National Computer Network Intrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100049, China

Received:2011-12-01 Revised:2012-04-13 Published:2013-03-15

摘要/Abstract

摘要：

针对网络通讯软件的Fuzzing技术受限于协议格式,尤其是未知协议难以保证测试效果,提出了基于符号表达式的协议分析方法.将数据包关键处理代码翻译为符号表达式,利用符号表达式的丰富含义加快未知协议格式分析,并依此开发了协议格式分析及漏洞挖掘框架PAVD.通过对亿邮客户端的漏洞测试,验证了PAVD能有效提升协议分析效率,为网络通讯软件Fuzzing测试提供良好的支持.

关键词: 未知协议, Fuzzing, 符号表达式, 漏洞挖掘

Abstract:

Fuzzing is an efficient method for ensuring software security. However, when one tests network-based software using this method, one may obtain unsatisfied results because of lacking the protocol format. To solve this problem, we propose a new protocol analysis technique based on symbolic expression. We use this technique to translate the crucial code into symbolic expressions and accelerate protocol analysis. In addition, we develop a translation framework which contains the function of automatic protocol format analysis and could export the protocol format to Peach platform. Finally, we apply our framework to analyze one target (eyou client) and obtain good results.

Key words: unknown protocol, Fuzzing, symbolic expression, vulnerability discovery

中图分类号:

TP393

罗成, 张玉清, 王龙, 刘奇旭. 基于符号表达式的未知协议格式分析及漏洞挖掘[J]. 中国科学院大学学报, 2013, 30(2): 278-284.

LUO Cheng, ZHANG Yu-Qing, WANG Long, LIU Qi-Xu. Automatic network protocol analysis and vulnerability discovery based on symbolic expression[J]. , 2013, 30(2): 278-284.

参考文献

[1] Liu Q X, Zhang Y Q. TFTP vulnerability finding technique based on fuzzing[J]. Computer Communications, 2008, 31(14): 3420-3426.

[2] Beddoe M. The protocol informatics project automating network protocol analysis[EB/OL]. San Diego:Toorcon, 2004[2011-08-11]. http://www.4tphi.net/~awalters/PI/PI_Toorcon.pdf.

[3] Li W M, Zhang A F, Liu J C, et al. An automatic network protocol Fuzz testing and vulnerability discovering method[J]. Chinese Journal of Computers, 2011, 34(2): 242-255(in Chinese).李伟明,张爱芳,刘建财,等.网络协议的自动化模糊测试漏洞挖掘方法[J].计算机学报,2011,34(2):242-255.

[4] Cui W, Kannan J, Wang H J. Discoverer: automatic protocol reverse engineering from network traces[C]//Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium. Boston, MA, USENIX Association, 2007:1-14.

[5] He Y J, Shu H, Xiong X B. Network protocol reverse parsing based on dynamic binary analysis[J]. Computer Engineering, 2010, 36(9): 268-270(in Chinese).何永君, 舒辉, 熊小兵. 基于动态二进制分析的网络协议逆向解析[J]. 计算机工程, 2010, 36(9): 268-270.

[6] Wang Z, Jiang X, Cui W, et al. ReFormat: automatic reverse engineering of encrypted messages[C]//Proceedings of the 14th European Conference on Research in Computer Security.Saint-Malo,France,Springer-Verlag,2009:200-215.

[7] Caballero J, Yin H, Liang Z, et al. Polyglot: automatic extraction of protocol message format using dynamic binary analysis[C]//14th ACM Conference on Computer and Communications Security.Virginia,USA,ACM,2007:317-329.

[8] Comparetti P M, Wondracek G, Kruegel C, et al. prospex: protocol specification extraction[C]//Security and Privacy, 2009 30th IEEE Symposium on. 2009:110-125.

[9] Wondracek G, Comparetti P M, Kruegel C, et al. Automatic Network Protocol Analysis[C]//15th Annual Network and Distributed System Security Symposium. San Diego, 2008:1-18.

[10] Lin Z, Jiang X, Xu D, et al. Automatic protocol format reverse engineering through context-aware monitored execution[C]//15th Annual Network and Distributed System Security Symposium (NDSS 2008). San Diego, 2008:1-17.

[11] Wang L. The design of a network protocol analysis tools[D]. Xi'an:XiDian University, 2011(in Chinese).王龙. 网络协议分析工具的设计与实现[D]. 西安:西安电子科技大学, 2011.

[12] Eddington M. Peach[EB/OL]. Seattle:Deja Vu Security, (2004)[2011-09-12]. http://peachfuzzer.com/.

[13] Amini P. PAIMEI[EB/OL]. USA:OpenRCE.org, 2007[2011-09-23]. http://pedram.redhive.com/PyDbg/docs/.

[14] Needleman S B, Wunsch C D. A general method applicable to the search for similarities in the amino acid sequence of two proteins[J]. Journal of Molecular Biology, 1970, 48(3): 443-496.

基于符号表达式的未知协议格式分析及漏洞挖掘

Automatic network protocol analysis and vulnerability discovery based on symbolic expression

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	王凯, 刘奇旭, 张玉清. 基于Fuzzing的Android应用通信过程漏洞挖掘技术[J]. 中国科学院大学学报, 2014, 31(6): 827-835.
[2]	陈景峰, 王一丁, 张玉清, 刘奇旭. 存储型XSS攻击向量自动化生成技术[J]. 中国科学院大学学报, 2012, (6): 815-820.